December 2021
December 14, 2021: Log4j
Summary:
Top US cybersecurity officials have warned of the zero-day vulnerability found in the Java logging library Apache Log4j. ZDNet reports that the vulnerability, being tracked as CVE-2021-44228, is “severe and allows unauthenticated remote code execution as the user running the application utilizes the Java logging library.”
Further information here
________________________________________________
July 2021
July 6, 2021: Kaseya VSA Zero-Day
Summary:
- Attackers carried out a supply chain ransomware attack by leveraging a zero-day vulnerability in Kaseya’s VSA software on Friday July 2, 2021. A compromised Kaseya update reached VSA on-premises servers from where, using the system’s internal scripting engine, the ransomware was deployed to all connected client systems.
Further information here
________________________________________________
June 2021
June 3, 2021: RIG Exploit Kit (EK)
Summary:
- The RIG Exploit Kit (EK), which was discovered in 2014, is known to exploit vulnerabilities in Microsoft’s Internet Explorer browser and third-party applications such as Java, Adobe Flash, and Microsoft Silverlight. Browser exploits are very rare nowadays, however, in March 2021 researchers discovered the Rig EK had the ability to exploit CVE-2021-26411 affecting Microsoft Internet Explorer.
Further information here
________________________________________________
