News & Updates
“Log4Shell” Java vulnerability – how to safeguard your servers
The Log4Shell bug is present in a popular Java code library called Log4j (Logging for Java), and if successfully exploited, attackers get what is effectively a shell – a way to run any system code of their choosing. Unfortunately, the vulnerability was shared as a zero-day hole (the name for a security bug that’s documented before a patch is out), and published as a proof-of-concept (PoC) on GitHub.
University loses 77TB of research data due to backup error
The Kyoto University in Japan has lost about 77TB of research data due to an error in the backup system of its Hewlett-Packard supercomputer. The incident occurred between December 14 and 16, 2021, and resulted in 34 million files from 14 research groups being wiped from the system and the backup file.
Pretty much all Wi-Fi routers are vulnerable to attack, study finds
In a shocking revelation, cybersecurity researchers have discovered over 200 bugs in Wi-Fi routers made by nine popular manufacturers, suggesting that millions of the most common devices around the world are vulnerable to attacks.
DMARC and the prevention of World Health Organisation phishing scams
With various medical opinions, news outlets spreading varied statistics, case number and death reports, and safety recommendations that varied between countries, states, cities, and individual businesses, people often felt desperate for information. The combination of these factors created an environment in which phishing attempts were easily successful, targeting the population by utilising the World Health Organisation’s (WHO) name as a cover. While phishing attempts, particularly those utilizing email are common, they are unfortunately frequently successful.
Microsoft warns of easy Windows domain takeover via Active Directory bugs
Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains.
7 zero-trust misconceptions that every agency should know
Zero trust has rapidly become the most discussed security term of late, garnering more attention from the rise of ransomware and President Joe Biden's Executive Order on Cybersecurity. The rush to zero trust has also generated confusion about its implementation.
FBI: Another Zoho ManageEngine Zero-Day Under Active Attack
Another Zoho ManageEngine zero-day vulnerability is under active attack from an APT group, this time looking to override legitimate functions of servers running ManageEngine Desktop Central and elevate privileges — with an ultimate goal of dropping malware onto organizations’ networks, the FBI has warned.
LastPass users warned their master passwords are compromised
Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. The email notifications also mention that the login attempts have been blocked because they were made from unfamiliar locations worldwide.
Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code
Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks.”