Google has fixed 28 vulnerabilities by releasing update 100.0.4896.60 for its Chrome browser. At least 9 of them have a high severity rating — adding to CVE-2022-1096, another high severity vulnerability which Google patched with a separate update just a few days ago. So in total, the Chrome developers have released patches for 10 high severity vulnerabilities in less than a … [Read more...] about Update Google Chrome to version 100
update
Update iOS! There is a dangerous vulnerability in WebKit (CVE-2022-22620)
Apple has released an urgent update for iOS and iPadOS that fixes the CVE-2022-22620 vulnerability. They recommend updating devices as soon as possible, as the company have reason to believe that the vulnerability is already being actively exploited by unknown actors. Why vulnerability CVE-2022-22620 is dangerous As usual, Apple experts do not disclose the details of the … [Read more...] about Update iOS! There is a dangerous vulnerability in WebKit (CVE-2022-22620)
Logz.io Security Update: Log4j / Log4Shell Vulnerability Response
On December 9, a severe remote code vulnerability was revealed in Apache’s Log4J library, a Java-based logging tool widely used in applications around the world. This vulnerability allows an attacker who can control log messages to execute arbitrary code loaded from attacker-controlled servers – impacting a broad range of services and applications.Logz.io has been aware of the … [Read more...] about Logz.io Security Update: Log4j / Log4Shell Vulnerability Response
North Korean Hackers Using Windows Update Service to Infect PCs with Malware
The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned … [Read more...] about North Korean Hackers Using Windows Update Service to Infect PCs with Malware
Elastic Stack 6.8.23 released with Log4j update
Version 6.8.23 of the Elastic Stack was released today. We recommend you upgrade to this latest version.The 6.8.23 patch release contains an updated version of Log4j (2.17.1) for both Elasticsearch and Logstash.For a full list of changes for each product, please refer to the release notes:6.8.23 release notesElastic Stack Source link … [Read more...] about Elastic Stack 6.8.23 released with Log4j update
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a … [Read more...] about New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
How To Update Your Security Infrastructure and Recover from a Cyberattack
Manufacturing company Megablok was experiencing frequent network outages that were halting business productivity and forcing employees to work from home. Like most, it blamed its current network and decided to recheck all network cables and expand its broadband to help resolve the issue. Frustratingly, the outages continued to happen. The company learned shortly after that the … [Read more...] about How To Update Your Security Infrastructure and Recover from a Cyberattack
Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack
Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems. Two of the addressed security flaws are rated Critical, 68 … [Read more...] about Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack
Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new … [Read more...] about Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack
Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant … [Read more...] about Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack