Tag
#log4j
Mishandling of untrusted input issue resolved by developers
Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory (CSA) AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link (for Russia): https://vk.com/video-149273431_456239105 Americans can’t just release a list of “20 vulnerabilities most commonly exploited in attacks on […]
The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.
WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to
The fix was developed at a running pace as Cobalt Strike is essential to Red Team operations
Categories: Business In this post, we cover the importance of third-party application patching and the challenges it can solve for your organization. (Read more...) The post Third-party application patching: Everything you need to know for your business appeared first on Malwarebytes Labs.
External attack surface management leader unveils evolution of risk intelligence solution, including a virtual sandbox environment to safely validate steps to remediation.
By Waqas The malware has been identified as I3mon, which can perform all kinds of spying operations. This is a post from HackRead.com Read the original post: Smartphones of Iran’s protest detainees targeted with spyware
Categories: Exploits and vulnerabilities Categories: News Tags: Log4Text Tags: Apache Tags: Commons Text Tags: CVE-2022-42889 Tags: Log4j Tags: Log4Shell Tags: interpolators Log4Text is a recently found vulnerability in Apache Commons. Log4Text provoked a knee jerk reaction because it reminds us of Log4Shell. So should we worry? (Read more...) The post Why Log4Text is not another Log4Shell appeared first on Malwarebytes Labs.
Experts say CVE-2022-42899 is a serious vulnerability, but widespread exploitation is unlikely because of the specific conditions that need to exist for it to happen.