#log4j

Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.

The stakes could not be higher for cyber defenders. With the vast amounts of sensitive information, intellectual property, and financial data at risk, the consequences of a data breach can be devastating. According to a report released by Ponemon institute, the cost of data breaches has reached an all-time high, averaging $4.35 million in 2022. Vulnerabilities in web applications are often the

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking an user to open a crafted malicious docker-desktop:// URL.

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks

** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

By Waqas Currently, in its cyber espionage campaign, Sharp Panda hackers are targeting government entities in Asia. This is a post from HackRead.com Read the original post: Chinese Sharp Panda Group Unleashes SoulSearcher Malware

By Deeba Ahmed The new MQTTang backdoor is capable of evading detection, making it an even bigger threat to victims. This is a post from HackRead.com Read the original post: Chinese Hackers Unleashes MQsTTang Backdoor Against Govt Entities

License Scanner and SBOM Utility will boost the capabilities of OWASP's CycloneDX Software Bill of Materials standard.