Researchers have discovered a critical vulnerability CVE-2022-22965, in Spring, an open source framework for the Java platform. Unfortunately, details about the vulnerability were leaked to the public before the official announcement was published and the relevant patches were released. The vulnerability immediately attracted attention of information security specialists, as it … [Read more...] about Spring4Shell: critical vulnerability in Spring
vulnerability
New Vulnerability in CRI-O Container Engine (CVE-2022-0811)
CrowdStrike cloud security researchers discovered a new vulnerability (dubbed “cr8escape” and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O. CrowdStrike disclosed the vulnerability to Kubernetes, which worked with CRI-O to issue a patch that was released today. It is recommended that CRI-O users patch immediately. CrowdStrike customers are protected from … [Read more...] about New Vulnerability in CRI-O Container Engine (CVE-2022-0811)
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host. The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical … [Read more...] about New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances
Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all … [Read more...] about New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances
How the CrowdStrike Falcon Platform Automates Vulnerability Remediation
Adversaries are becoming more adept and sophisticated in their attacks. Taking advantage of vulnerabilities present in major software is often an attractive entry point for establishing a campaign within an enterprise environment. The CrowdStrike 2022 Global Threat Report highlights how adversaries continue to shift tradecraft and weaponize vulnerabilities to evade detection … [Read more...] about How the CrowdStrike Falcon Platform Automates Vulnerability Remediation
Update iOS! There is a dangerous vulnerability in WebKit (CVE-2022-22620)
Apple has released an urgent update for iOS and iPadOS that fixes the CVE-2022-22620 vulnerability. They recommend updating devices as soon as possible, as the company have reason to believe that the vulnerability is already being actively exploited by unknown actors. Why vulnerability CVE-2022-22620 is dangerous As usual, Apple experts do not disclose the details of the … [Read more...] about Update iOS! There is a dangerous vulnerability in WebKit (CVE-2022-22620)
Logz.io Security Update: Log4j / Log4Shell Vulnerability Response
On December 9, a severe remote code vulnerability was revealed in Apache’s Log4J library, a Java-based logging tool widely used in applications around the world. This vulnerability allows an attacker who can control log messages to execute arbitrary code loaded from attacker-controlled servers – impacting a broad range of services and applications.Logz.io has been aware of the … [Read more...] about Logz.io Security Update: Log4j / Log4Shell Vulnerability Response
Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users
A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed "EmailThief" — was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful … [Read more...] about Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users
Dangerous vulnerability discovered in Dark Souls III videogame
The gaming community is discussing a recent vulnerability in the Dark Souls III videogame. This RCE vulnerability allows attackers to remotely execute arbitrary code on a victim’s computer. Apparently, the vulnerability also affects earlier games in the Dark Soul series: because of this the developers have taken the unusual step of temporarily deactivating PvP servers across … [Read more...] about Dangerous vulnerability discovered in Dark Souls III videogame
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a … [Read more...] about New Apache Log4j Update Released to Patch Newly Discovered Vulnerability