Tag

#log4j

Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk

A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices.

Threatpost
#vulnerability #linux #apache #git #java #log4j #auth

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws.  "This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys)," Trend

CVE-2022-26326: Access Manager 5.0 Service Pack 2 Release Notes

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2

6 Best Practices to Ensure Kubernetes Security Meets Compliance Regulations

Security must be precise enough to meet compliance requirements without impeding DevOps and developer productivity. Here's how to strike that balance.

The top 5 most routinely exploited vulnerabilities of 2021

International cybersecurity authorities have published an overview of the most routinely exploited vulnerabilities of 2021. The post The top 5 most routinely exploited vulnerabilities of 2021 appeared first on Malwarebytes Labs.

CVE-2022-24891: esapi-java-legacy/esapi4java-core-2.3.0.0-release-notes.txt at develop · ESAPI/esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.

CISA: Log4Shell Was the Most-Exploited Vulnerability in 2021

Internet-facing zero-day vulnerabilities were the most commonly used types of bugs in 2021 attacks, according to the international Joint Cybersecurity Advisory (JCSA).

How Industry Leaders Should Approach Open Source Security

Here's how to reduce security risk and gain the benefits of open source software.

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.

Log4j Attack Surface Remains Massive

Four months after the Log4Shell vulnerability was disclosed, most affected open source components remain unpatched, and companies continue to use vulnerable versions of the logging tool.