Security News

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws
2021-12-14 18:41

Today is Microsoft's December 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 67 flaws. Microsoft has fixed 55 vulnerabilities with today's update, with seven classified as Critical and 60 as Important.

CISA orders federal agencies to patch Log4Shell by December 24th
2021-12-14 14:46

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch systems against the critical Log4Shell vulnerability and released mitigation guidance in response to active exploitation. CISA has now created a dedicated page with technical details about the Apache Log4j logging library flaw and patching information for vendors and impacted organizations.

Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild
2021-12-13 20:30

Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the 17th such weakness to be disclosed since the start of the year. An anonymous researcher has been credited with discovering and reporting the flaw.

Week in review: Apache Log4j 0day exploited, Kali Linux 2021.4 released, Patch Tuesday forecast
2021-12-12 09:00

Critical RCE 0day in Apache Log4j library exploited in the wild
A critical zero-day vulnerability in Apache Log4j, a widely used Java logging library, is being leveraged by attackers in the wild.

Kali Linux 2021.4 released: Wider Samba compatibility, The Social-Engineer Toolkit, new tools, and more!
Offensive Security released Kali Linux 2021.4, which comes with a number of improvements: wider Samba compatibility, switching package manager mirrors, enhanced Apple M1 support, Kaboxer theming, updates to Xfce, GNOME and KDE, Raspberry Pi Zero 2 W + USBArmory MkII ARM images, as well as new tools.

Minecraft rushes out patch for critical Log4j vulnerability
2021-12-10 16:20

Swedish video game developer Mojang Studios has released an emergency Minecraft security update to address a critical bug in the Apache Log4j Java logging library used by the game's Java Edition client and multiplayer servers. The vulnerability is fixed with the release of Minecraft: Java Edition 1.18.1, which is now rolling out to all customers.

Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely-used logging utility
2021-12-10 16:04

An unauthenticated remote code execution vulnerability in Apache's Log4j Java-based logging tool is being actively exploited, researchers have warned after it was used to execute code on Minecraft servers. The Apache Foundation published a patch for the critical-rated vuln earlier today.

December 2021 Patch Tuesday forecast: How do you stack up?
2021-12-10 05:41

While there are older vulnerabilities dating back to 2014, most of these vulnerabilities are from 2020-2021 and updating an entire organization can take months of planning and execution if you don't have an efficient patch management infrastructure in place. Assuming we have a few quiet weeks following Patch Tuesday, take a moment to compare your program to these and see how you stack up.

It’s time to patch your SonicWall SMA 100 series appliances again!
2021-12-09 09:17

SonicWall has fixed a handful of vulnerabilities affecting its SMA 100 series appliances and is urging organizations to implement the patches as soon as possible. Although there's currently no evidence of these bugs being exploited in active attacks, threat actors have been known to target these appliances in the past by leveraging known and zero-day vulnerabilities.

SonicWall Urges Customers to Immediately Patch Critical SMA 100 Flaws
2021-12-08 21:18

Network security vendor SonicWall is urging customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system. CVE-2021-20039 - SMA 100 Series authenticated command injection vulnerability as root.

SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs
2021-12-08 13:11

SonicWall 'strongly urges' organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical. "SonicWall urges impacted customers to implement applicable patches as soon as possible," the company says in a security advisory published Tuesday.