Microsoft’s January 2022 Patch Tuesday Addresses 97 CVEs (CVE-2022-21907)
Microsoft addresses 97 CVEs in its January 2022 Patch Tuesday release, including four zero-day vulnerabilities that were publicly disclosed but not exploited in the wild. 9Critical 88Important 0Moderate 0Low Update January 13: The Solutions section has been updated to reflect…
CVE-2021-44228、CVE-2021-45046、CVE-2021-4104:有關 Log4Shell 及相關弱點的常見問答集
有關 Log4Shell 及相關弱點的常見問答集
Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
Microsoft addresses 67 CVEs in its December 2021 Patch Tuesday release, including a zero-day vulnerability that has been exploited in the wild.
Apache Log4j 缺陷:網路安全產業的福島核電廠等級重大事故
Organizations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come.
Apache Log4j 缺陷讓第三方軟體成為目光焦點
Even in the most mature organizations, addressing the issue, also known as Log4Shell, requires a complex mix of software development practices, vulnerability management and web application scanning.
CVE-2021-44228:Apache Log4j 重大遠端程式碼執行弱點 (Log4Shell) 概念驗證已可供使用
常用記錄程式庫 Log4j 2 中的重大弱點影響了許多服務與應用程式,包括:Minecraft、Steam 和 Apple iCloud。攻擊者已開始積極掃描並嘗試惡意刺探此軟體缺陷。
CVE-2021-41773:Path Traversal Zero-Day in Apache HTTP Server Exploited
The Apache HTTP Server Project patched a path traversal vulnerability introduced less than a month ago that has been exploited in the wild.Update October 7: The Solution section has been updated to reflect the secondary fix the Apache HTTP Server Project released.BackgroundOn October 5, the Apache…
CVE-2021-38647 (OMIGOD): Critical Flaw Leaves Azure Linux VMs Vulnerable to Remote Code Execution
Agents installed by default on Azure Linux virtual machines are vulnerable to a remote code execution flaw that can be exploited with a single request. Background On September 14, researchers at Wiz disclosed a set of four vulnerabilities in Microsoft’s Open Management Infrastructure (OMI), an…
CVE-2021-34527:Microsoft Releases Out-of-Band Patch for PrintNightmare Vulnerability in Windows Print Spooler
Microsoft issues an out-of-band patch for critical ‘PrintNightmare’ vulnerability following reports of in-the-wild exploitation and publication of multiple proof-of-concept exploit scripts Update July 9, 2021: The Solution section has been updated to clarify the vulnerable configurations as well…
Elon Musk and YouTube Advertising Scams: Fake SpaceX “Coin” Promoted in Ads During Cryptocurrency Videos
Scammers are on pace to steal nearly $1 million USD from unsuspecting users through a popular decentralized finance protocol, Uniswap, by abusing YouTube to promote a fake SpaceX coin as part of ads appearing before and during cryptocurrency videos.BackgroundIn early May, scammers compromised…
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild
Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild.Update March 8, 2021: The Identifying Affected Systems section has been updated with information about the availability of additional plugins as well as a link to our blog post that details…
CVE-2020-14882:Oracle WebLogic 遠端程式碼執行弱點遭到猖獗利用
A remote code execution vulnerability in Oracle WebLogic Server has been actively exploited in the wild just one week after a patch was released and one day after a proof of concept was published.Update October 30, 2020: The solutions section has been updated to reflect the disclosure of a…
聯絡我們的銷售團隊