What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Cybereason.webp 2024-03-26 14:39:15 Threat Alert: The Anydesk Breach Aftermath
(direct link)
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.
Vulnerability Threat ★★★
Cybereason.webp 2024-03-13 14:50:52 Beware of the Messengers, Exploiting ActiveMQ Vulnerability
(direct link)
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
Vulnerability Threat ★★
Cybereason.webp 2024-02-06 04:35:35 THREAT ALERT: Ivanti Connect Secure VPN Zero-Day Exploitation
(direct link)
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities such as the Ivanti Connect Secure VPN Zero-Day exploitation. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.
Vulnerability Threat ★★
Cybereason.webp 2022-06-22 13:04:57 THREAT ALERT: Follina/MSDT Microsoft Office Vulnerability (direct link) THREAT ALERT: Follina/MSDT Microsoft Office Vulnerability Vulnerability
Cybereason.webp 2022-02-24 13:51:14 CISO Stories Podcast: Understanding and Preparing for the Next Log4j (direct link) CISO Stories Podcast: Understanding and Preparing for the Next Log4j The issues created by the recently disclosed Log4j vulnerability are bigger than you might expect and will have long-lasting implications. So, what was the Log4j vulnerability really, what can be done to reduce the risk it poses to organizations, and how can we better prepare for the next Log4j-level event? Benny Lakunishok, co-founder and CEO of Zero Networks, takes us deeper - check it out... Vulnerability
Cybereason.webp 2021-12-27 12:00:00 Malicious Life Podcast: Logout4Shell - A Digital Vaccine for Log4Shell (direct link) Malicious Life Podcast: Logout4Shell - A Digital Vaccine for Log4Shell A digital 'vaccine' was released to address Log4Shell, which has been called “the single biggest, most critical vulnerability ever.” Nate Nelson talks to Yonatan Striem-Amit, CTO & Co-Founder of Cybereason about the Log4j vulnerability and about the unusual vaccine dubbed Logout4Shell that uses the Log4j exploit to close the vulnerability - check it out… Vulnerability
Cybereason.webp 2021-12-17 23:09:51 The First True XDR Solution (direct link) The First True XDR Solution It has been a uniquely amazing week for me and for Cybereason. We started the week by sharing LogOut4Shell - a free vaccine we developed to prevent the Log4Shell vulnerability from being exploited. Then we hosted DefenderCon '21 and launched Cybereason XDR powered by Google Chronicle Vulnerability
Cybereason.webp 2021-12-17 15:00:00 UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046) (direct link) UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046) UPDATE 12/17/21: The Logout4Shell Vaccine has been updated to add a persistent option in addition to the existing one which reverted upon server restart. The previous version of the Vaccine used the Log4Shell vulnerability to remove the JNDI interpolator entirely from all logger contexts to prevent the vulnerability from being exploited in the running JVM (server process). This update not only fixes the vulnerability, but also edits the jar file on disk to remove the JndiLookup class to permanently mitigate the Log4Shell vulnerability on a running server. It also performs additional changes on the plugin registry. Due to the nature of the permanent solution, there is nominal risk involved, so the Vaccine offers the option to execute the completely safe but temporary solution, or the slightly more risky but permanent solution. The documentation has been updated to reflect that we now support both options. The Log4shell vulnerability still requires patching. This updated Logout4Shell mitigation option can provide security teams the time required to roll out patches while reducing the risk from exploits targeting the Log4j vulnerability. The latest version is pushed to our GitHub at https://github.com/Cybereason/Logout4Shell UPDATE 12/15/21: Our initial vaccine approach was to set the formatMsgLookup flag to "true" and reconfigure the Log4j logger, which supported versions >= 2.10.0. In this updated Vaccine technique, in order to support older versions < 2.10.0, the "flag" no longer exists and instead it removes the JNDI interpolator entirely from all logger contexts.
The update also pushes an additional fix to make this removal behavior the "default" even in cases where the "flag" is still supported. We still highly recommend upgrading to 2.16.0, or removing the JNDI class entirely from each server if upgrading to the latest patched version is not possible for your organization at this time. This updated Vaccine version also mitigates the most recent lower severity vulnerability disclosure (CVE-2021-45046) which was patched in log4j version 2.16.0. This vulnerability showed that in certain scenarios, for example, where attackers can control a thread-context variable that gets logged, even the flag log4j2.formatMsgNoLookups is insufficient to mitigate Log4shell. The text below has been updated to reflect the latest guidance and changes to the temporary workaround Vaccine developed by Cybereason. ============================================================= Cybereason researchers have developed and released a “vaccine” for the Apache Log4Shell vulnerabilities (CVE-2021-44228) and (CVE-2021-4504 Vulnerability
Cybereason.webp 2021-12-15 17:56:17 How Cybereason Detects and Prevents Exploits Leveraging Log4Shell Vulnerability (direct link) How Cybereason Detects and Prevents Exploits Leveraging Log4Shell Vulnerability Log4Shell is a vulnerability (CVE-2021-44228) impacting Apache Log4j which was disclosed on the project's GitHub on December 9, 2021. The flaw has the highest possible severity rating of 10 and is pervasive. Vulnerability
Cybereason.webp 2021-12-10 23:55:00 Cybereason Releases Vaccine to Prevent Exploitation of Apache Log4Shell Vulnerability (CVE-2021-44228) (direct link) Cybereason Releases Vaccine to Prevent Exploitation of Apache Log4Shell Vulnerability (CVE-2021-44228) Cybereason researchers have developed and released a “vaccine” for the Apache Log4Shell vulnerability (CVE-2021-44228). The vaccine is now freely available on GitHub. It is a relatively simple fix that requires only basic Java skills to implement and is freely available to any organization. Cybereason previously announced that none of the company's products or services were impacted by the vulnerability. Vulnerability
Cybereason.webp 2021-12-10 21:08:07 Cybereason Solutions Are Not Impacted by Apache Log4j Vulnerability (CVE-2021-44228) (direct link) Cybereason Solutions Are Not Impacted by Apache Log4j Vulnerability (CVE-2021-44228) A newly revealed vulnerability impacting Apache Log4j 2 versions 2.0 to 2.14.1 was disclosed on the project's GitHub on December 9, 2021, and designated as CVE-2021-44228 with the highest severity rating of 10. Vulnerability ★★
Cybereason.webp 2021-10-26 15:21:56 Microsoft Publishes Veiled Mea Culpa Disguised as Research (direct link) Microsoft Publishes Veiled Mea Culpa Disguised as Research The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM - the threat actor behind the SolarWinds attacks - is targeting delegated administrative privileges as part of a larger malicious campaign. Microsoft cautions that attackers are attempting to gain access to downstream customers of multiple cloud providers, managed service providers (MSPs), and IT services organizations in what at first glance appears to be a standard threat intelligence report, but upon examination more closely resembles a technical vulnerability disclosure. Vulnerability Threat
Cybereason.webp 2021-09-24 12:33:29 1,460-Day Old Known Vulnerability Catches Microsoft Off Guard (direct link) 1,460-Day Old Known Vulnerability Catches Microsoft Off Guard Vulnerabilities are a fact of life. I started my career in cybersecurity finding and exploiting those vulnerabilities to conduct nation-state offensive operations. I understand the simple reality that there is no such thing as perfect code, and that even the most secure application can be compromised given enough time. But that is not an excuse for writing bad code or failing to address known issues. Vulnerability
Cybereason.webp 2021-09-14 20:07:22 Update Your Apple Devices to Guard Against Pegasus Spyware Attacks (direct link) Update Your Apple Devices to Guard Against Pegasus Spyware Attacks Apple issued an emergency update yesterday for a critical vulnerability discovered in its iPhones, Apple Watches, and Mac computers. Researchers at Citizen Lab discovered a no-click zero-day exploit that works on all Apple devices that do not have the latest update. Vulnerability
Cybereason.webp 2021-09-13 12:56:00 Azurescape Vulnerability: More Evidence that Microsoft Should Leave Security to the Experts (direct link) Azurescape Vulnerability: More Evidence that Microsoft Should Leave Security to the Experts It's been a busy couple weeks for Microsoft - and not in a good way. Following the news that a configuration error left Azure cloud customer data exposed to potential compromise, and a security alert from Microsoft about an active exploit targeting a zero-day vulnerability in MSHTML, now there are reports of a critical security vulnerability that can allow attackers to compromise containers in Azure as well. Vulnerability Uber
Cybereason.webp 2021-09-10 16:00:00 THREAT ALERT: Microsoft MSHTML Remote Code Execution Vulnerability (direct link) THREAT ALERT: Microsoft MSHTML Remote Code Execution Vulnerability The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. Vulnerability Threat
Cybereason.webp 2021-09-09 12:46:23 CISO Stories Podcast: The Unpatchable Vulnerability that is Human Nature (direct link) CISO Stories Podcast: The Unpatchable Vulnerability that is Human Nature Rachel Tobac, CEO of SocialProof Security, delves into the inner-workings of social engineering exploits where she leverages her background in neuroscience and behavioral psychology to exploit the unpatchable vulnerability that is human nature - check it out... Vulnerability
Cybereason.webp 2021-09-02 21:22:38 Microsoft Vulnerability Exposes Thousands to Risk…Again (direct link) Microsoft Vulnerability Exposes Thousands to Risk…Again I can't deny that Microsoft competes with Cybereason, but the truth is, I owe a lot of the success of Cybereason to Microsoft. After all, the lion's share of what we do as defenders is protect against exploits targeting vulnerable Microsoft platforms and applications. Vulnerability
Cybereason.webp 2021-08-18 16:43:59 BlackBerry QNX Vulnerability Highlights Lurking Issues with IOT Security (direct link) BlackBerry QNX Vulnerability Highlights Lurking Issues with IOT Security BlackBerry revealed that its QNX operating system is vulnerable to the BadAlloc flaw revealed earlier this year. QNX is an embedded systems operating system that can be found in hundreds of millions of cars, as well as everything from critical infrastructure, to hospital devices, to equipment on the International Space Station. The disclosure highlights a lurking issue illustrating the much larger challenge we face when it comes to securing internet-of-things (IoT) and embedded systems like QNX. Vulnerability
Cybereason.webp 2021-04-15 13:13:18 CISO Stories Podcast: Is There a Magic Security Control List? (direct link) CISO Stories Podcast: Is There a Magic Security Control List? Never in history has the cyber defender had access to so many technologies and tools to defend our companies. This has created a “Fog of More,” making the choices difficult to manage. This week's guest is Tony Sager, a 35-year NSA software vulnerability analyst and executive, and the innovator of community-based controls sharing. Sager discusses how the CIS Controls can be used effectively to manage your environment - check it out... Vulnerability
Cybereason.webp 2021-02-04 14:00:00 The Security Value of Exploit Protection (direct link) The Security Value of Exploit Protection An exploit attack occurs when a malicious actor takes advantage of a software vulnerability to penetrate and then damage or steal information from a computer system. One feature that Cybereason provides to protect users from exploit attacks is our Exploit Protection. The following is a quick rundown of some of the key terms for understanding exploit attacks. Vulnerability
Last update at: 2024-05-12 22:08:47