Ελληνικά
A critical vulnerability (CVE-2021-44228) has recently been discovered that affects Log4j versions from 2.0-beta9 to 2.14.1, and is critical as it can be remotely exploited by a non-authenticated attacker allowing remote code execution (RCE). The vulnerability is rated 10 out of 10 in the Common Vulnerability Rating System (CVSS), which describes how serious the vulnerability […]
Author Archives: CSIRT
The Apache Software Foundation has released fixes to contain an <<https://twitter.com/DTCERT/status/1469258597930614787>> <<https://www.cert.govt.nz/it-specialists/advisories/log4j-rce-0-day-actively-exploited/>> zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as <<https://nvd.nist.gov/vuln/detail/CVE-2021-44228>> and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, […]
Ransomware is the most prominent threat in the cyber space today. Cyber insurer (https://www.insurancebusinessmag.com/us/companies/allianz/66992/) Global Corporate & Specialty (AGCS) recently went so far as to call ransomware a “pandemic” – one that is spreading rapidly around the world. This variation of malware allows hackers to lock businesses or individuals out of their systems and encrypt […]
By Ionut Arghire On Tuesday, its October 2021 Security Patch Day, SAP announced the release of 13 new security notes and an update for a previously released note. Three of the notes are rated Hot News. The most important of SAP’s security notes (https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983) deals with two critical vulnerabilities in SAP Environmental Compliance. Tracked as CVE-2020-10683 and CVE-2021-23926 (CVSS […]
by Josh Meyer As most Americans are still learning about the hacking-for-cash crime of ransomware, the nation’s top homeland security official is worried about an even more dire digital danger: killware, or cyberattacks that can literally end lives. The Colonial Pipeline ransomware attack in April galvanized the public’s attention because of its consumer-related complications, including long lines […]