Category: alerts
Cyber Security Monitor Alerts News Notifications. We monitor and send notifications on the latest Cyber Security alerts, blogs, news on data breaches and emerging cyber threats.
-
Four Bugs in Microsoft Teams Left Platform Vulnerable Since March
Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack. Read more
-
Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look
There are 17,000npatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. Read more
-
Two Active Directory Bugs Lead to Easy Windows Domain Takeover
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. Read more
-
FBI: Another Zoho ManageEngine Zero-Day Under Active Attack
APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence. Read more
-
Vulnerability Summary for the Week of December 13, 2021
Original release date: December 21, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abb — omnicore_c30_firmware A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected… Read more
-
Conti Ransomware Gang Has Full Log4Shell Attack Chain
Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain. Read more
-
Third Log4J Bug Can Trigger DoS; Apache Issues Patch
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. Read more
-
Facebook Bans Spy-for-Hire Firms for Targeting 50K People
Meta, Facebook’s parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets’ phones. Read more
-
Brand-New Log4Shell Attack Vector Threatens Local Hosts
The discovery, which affects services running as localhost that aren’t exposed to any network or the internet, vastly widens the scope of attack possibilities. Read more
-
CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities
Original release date: December 17, 2021 CISA has issued Emergency Directive (ED) 22-02: Mitigate Apache Log4j Vulnerability], directing federal civilian executive branch (FCEB) agencies to address Log4j vulnerabilities—most notably, CVE-2021-44228. Although ED 22-02 applies to FCEB agencies, CISA strongly recommends that all organizations review ED 22-02 for mitigation guidance. For additional details, see CISA’s webpage… Read more