Security News
Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks."
Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. Nighthawk R6700 is a popular dual-band WiFi router advertised with gaming-focused features, smart parental controls, and internal hardware that is sufficiently powerful to accommodate the needs of home power users.
Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries. "Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. These vulnerabilities are likely to be exploited over an extended period."
If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately. Part of the problem is that Log4j is so deeply embedded in Java projects and dependencies that are used by quite a lot of tools.
The Log4j saga: New vulnerabilities and attack vectors discovered. The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell was fixed by releasing Log4j v2.15.0.
Cyber insurance trends: Insurers and insurees must adapt equally to growing threats. In this interview with Help Net Security, Avi Bashan, CTO at Kovrr, talks about cyber insurance trends and how the growing threat landscape impacted both insurers and insurees.
Microsoft said it won't be fixing or is pushing patches to a later date for three of the four security flaws uncovered in its Teams business communication platform earlier this March. The disclosure comes from Berlin-based cybersecurity firm Positive Security, which found that the implementation of the link preview feature was susceptible to a number of issues that could "allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address, and DoS'ing their Teams app/channels."
Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service and man-in-the-middle attacks using low-cost equipment. The new fake base station attacks, in a nutshell, render vulnerable the handover procedures, which are based on the aforementioned encrypted measurement reports and signal power thresholds, effectively enabling the adversary to establish a MitM relay and even eavesdrop, drop, modify, and forward messages transmitted between the device and the network.
The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell was fixed by releasing Log4j v2.15.0. There is going to be continued focus on log4j vulns for some time.
Organizations are not always linking the actual data on vulnerabilities with the specific risks to their business, says Cyber Vulcan. With so many security vulnerabilities putting companies at risk, determining which ones to tackle can be a challenge.
Cars are becoming increasingly smart and an extension to our mobile phones. What are the biggest vulnerabilities of today's modern cars?