Version 6.8.23 of the Elastic Stack was released today. We recommend you upgrade to this latest version.The 6.8.23 patch release contains an updated version of Log4j (2.17.1) for both Elasticsearch and Logstash.For a full list of changes for each product, please refer to the release notes:6.8.23 release notesElastic Stack Source link … [Read more...] about Elastic Stack 6.8.23 released with Log4j update
Released
Elastic Stack 7.16.3 released | Elastic Blog
Version 7.16.3 of the Elastic Stack was released today. We recommend you upgrade to this latest version.The 7.16.3 patch release contains an updated version of Log4j (2.17.1) for both Elasticsearch and Logstash.For a full list of changes for each product, please refer to the release notes:7.16.3 release notesElastic StackElastic Enterprise SearchElastic ObservabilityElastic … [Read more...] about Elastic Stack 7.16.3 released | Elastic Blog
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a … [Read more...] about New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released
An analysis of new samples of BlackMatter ransomware for Windows and Linux has revealed the extent to which the operators have continually added new features and encryption capabilities in successive iterations over a three-month period. No fewer than 10 Windows and two Linux versions of the ransomware have been observed in the wild to date, Group-IB threat researcher Andrei … [Read more...] about BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released
New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks
The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new vulnerability is identified as, builds upon CVE-2021-41773, a flaw that impacted Apache … [Read more...] about New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks
Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new … [Read more...] about Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers … [Read more...] about Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
New Framework Released to Protect Machine Learning Systems From Adversarial Attacks
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in … [Read more...] about New Framework Released to Protect Machine Learning Systems From Adversarial Attacks
iOS 12.4 jailbreak released after Apple ‘accidentally un-patches’ an old flaw
A fully functional jailbreak has been released for the latest iOS 12.4 on the Internet, making it the first public jailbreak in a long time—thanks to Apple.Dubbed "unc0ver 3.5.0," the jailbreak works with the updated iPhones, iPads and iPod Touches by leveraging a vulnerability that Apple previously patched in iOS 12.3 but accidentally reintroduced in the latest iOS version … [Read more...] about iOS 12.4 jailbreak released after Apple ‘accidentally un-patches’ an old flaw
RSA Conference 2019 Security Operations Center Findings Report Released
RSA and Cisco released the first ever Findings Report from the RSA Conference 2019 Security Operations Center (SOC). The RSA® Conference SOC analyzes the Moscone Center wireless traffic, which is an open network during the week of the Conference. The SOC began collecting traffic on Monday, March 4, 2019 and through 4:00PM Thursday, March 7, 2019. There were 70,440,988 sessions … [Read more...] about RSA Conference 2019 Security Operations Center Findings Report Released