What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-05-14 23:15:24 | Mai 2024 Patch mardi: deux jours zéro parmi 61 vulnérabilités abordées May 2024 Patch Tuesday: Two Zero-Days Among 61 Vulnerabilities Addressed (lien direct) |
Microsoft a publié des mises à jour de sécurité pour 61 vulnérabilités dans son déploiement du patch de mai 2024.Il y a deux vulnérabilités de zéro-jour corrigées, affectant Windows MSHTML (CVE-2024-30040) et la bibliothèque de base du gestionnaire de fenêtres de bureau (DWM) (CVE-2024-30051), et une vulnérabilité critique affectant Microsoft SharePoint Server (CVE-2024-30044).Mai 2024 Analyse des risques ce mois-ci, le type de risque principal est le code distant [& # 8230;]
Microsoft has released security updates for 61 vulnerabilities in its May 2024 Patch Tuesday rollout. There are two zero-day vulnerabilities patched, affecting Windows MSHTML (CVE-2024-30040) and Desktop Window Manager (DWM) Core Library (CVE-2024-30051), and one Critical vulnerability patched affecting Microsoft SharePoint Server (CVE-2024-30044). May 2024 Risk Analysis This month\'s leading risk type is remote code […] |
Vulnerability Threat | ||
|
2024-04-12 22:29:44 | CVE-2024-3400: Ce que vous devez savoir sur le Pan-OS Zero-Day critique CVE-2024-3400: What You Need to Know About the Critical PAN-OS Zero-Day (lien direct) |
MISE À JOUR: Il a été confirmé que la désactivation de la télémétrie ne bloquera pas cet exploit.L'application d'un correctif dès que possible est la correction la plus efficace pour cette vulnérabilité.Des correctifs pour 8 des 18 versions vulnérables ont été publiées;Les correctifs pour les versions vulnérables restantes sont attendues avant le 19 avril.Crowdsstrike travaille constamment à [& # 8230;]
UPDATE: It has been confirmed that disabling telemetry will not block this exploit. Applying a patch as soon as possible is the most effective remediation for this vulnerability. Patches for 8 of the 18 vulnerable versions have been released; patches for the remaining vulnerable versions are expected by April 19th. CrowdStrike is constantly working to […] |
Vulnerability Threat | ★★ | |
|
2024-04-09 21:27:47 | Patch avril 2024 Mardi: trois vulnérabilités critiques de RCE dans Microsoft Defender pour l'IoT April 2024 Patch Tuesday: Three Critical RCE Vulnerabilities in Microsoft Defender for IoT (lien direct) |
Microsoft a publié des mises à jour de sécurité pour 150 vulnérabilités lors de son déploiement de mardi avril 2024, un montant beaucoup plus important que ces derniers mois.Il existe trois vulnérabilités critiques d'exécution de code distantes (CVE-2024-21322, CVE-2024-21323 et CVE-2024-29053), qui sont toutes liées à Microsoft Defender pour IoT, la plate-forme de sécurité de Microsoft \\ pour les appareils IoT.Avril 2024 Analyse des risques [& # 8230;]
Microsoft has released security updates for 150 vulnerabilities in its April 2024 Patch Tuesday rollout, a much larger amount than in recent months. There are three Critical remote code execution vulnerabilities (CVE-2024-21322, CVE-2024-21323 and CVE-2024-29053), all of which are related to Microsoft Defender for IoT, Microsoft\'s security platform for IoT devices. April 2024 Risk Analysis […] |
Vulnerability | ★★★ | |
|
2024-03-12 22:56:23 | Mars 2024 Patch mardi: deux bugs critiques parmi 60 vulnérabilités corrigées March 2024 Patch Tuesday: Two Critical Bugs Among 60 Vulnerabilities Patched (lien direct) |
Microsoft a publié des mises à jour de sécurité pour 60 vulnérabilités lors de son déploiement du patch de mars 2024 mardi.Il existe deux vulnérabilités critiques corrigées (CVE-2024-21407 et CVE-2024-21408), qui affectent toutes deux l'hyperviseur hyper-v.Mars 2024 Analyse des risques de ce mois-ci, le type de risque principal de \\ est une élévation du privilège (40%) suivie de l'exécution du code à distance (30%) et d'un lien entre [& # 8230;]
Microsoft has released security updates for 60 vulnerabilities in its March 2024 Patch Tuesday rollout. There are two Critical vulnerabilities patched (CVE-2024-21407 and CVE-2024-21408), both of which affect the Hyper-V hypervisor. March 2024 Risk Analysis This month\'s leading risk type is elevation of privilege (40%) followed by remote code execution (30%) and a tie between […] |
Vulnerability | ★★★ | |
|
2024-02-14 15:29:42 | CrowdStrike a nommé le seul client \\ 'Choice: 2024 Gartner & Reg;«Voix du client» pour l'évaluation de la vulnérabilité CrowdStrike Named the Only Customers\\' Choice: 2024 Gartner® “Voice of the Customer” for Vulnerability Assessment (lien direct) |
C'est un refrain courant dans les cercles de sécurité qui & # 8220; personne n'aime leur outil de gestion de vulnérabilité. & # 8221;Crowdsstrike a peut-être été l'exception.Nous sommes fiers d'annoncer que CrowdStrike est le seul fournisseur nommé un choix de clients dans le rapport 2024 Gartner «Voice of the Client» pour l'évaluation de la vulnérabilité.Dans ce rapport, Crowdsstrike [& # 8230;]
It is a common refrain in security circles that “nobody loves their vulnerability management tool.” CrowdStrike may have just proved to be the exception. We are proud to announce that CrowdStrike is the only vendor named a Customers\' Choice in the 2024 Gartner “Voice of the Customer” Report for Vulnerability Assessment. In this report, CrowdStrike […] |
Tool Vulnerability | ★★ | |
|
2024-02-13 23:27:16 | Février 2024 Patch Mardi: deux jours zéro au milieu de 73 vulnérabilités February 2024 Patch Tuesday: Two Zero-Days Amid 73 Vulnerabilities (lien direct) |
Microsoft a publié des mises à jour de sécurité pour 73 vulnérabilités pour son déploiement de février 2024 mardi.Il s'agit notamment de deux jours zéro activement exploités (CVE-2024-21412 et CVE-2024-21351), qui sont tous deux des défauts de contournement des caractéristiques de sécurité.Cinq des vulnérabilités abordées aujourd'hui sont critiques tandis que les 68 autres sont évalués ou modérés.Février 2024 Analyse des risques Ce [& # 8230;]
Microsoft has released security updates for 73 vulnerabilities for its February 2024 Patch Tuesday rollout. These include two actively exploited zero-days (CVE-2024-21412 and CVE-2024-21351), both of which are security feature bypass flaws. Five of the vulnerabilities addressed today are rated Critical while the remaining 68 are rated Important or Moderate. February 2024 Risk Analysis This […] |
Vulnerability | ★★ | |
|
2023-11-20 18:38:02 | Éliminer les tâches répétitives et accélérer la réponse avec la fusion Falcon Eliminate Repetitive Tasks and Accelerate Response with Falcon Fusion (lien direct) |
Les adversaires deviennent de plus en plus sophistiqués et plus rapidement avec leurs attaques.Selon le rapport de chasse aux menaces Crowdsstrike 2023, le temps d'évasion ECRIME moyen n'est que de 79 minutes.Cela est dû en partie au fait que les adversaires tirent parti des outils qui tirent parti de l'automatisation comme des outils de craquage de mot de passe, des kits d'exploitation pour les vulnérabilités du navigateur Web et des marchés qui vendent des données volées.[& # 8230;]
Adversaries are becoming more sophisticated and faster with their attacks. According to the CrowdStrike 2023 Threat Hunting Report, the average eCrime breakout time is just 79 minutes. This is partly due to adversaries taking advantage of tools that leverage automation like password-cracking tools, exploit kits for web browser vulnerabilities, and marketplaces that sell stolen data. […] |
Tool Vulnerability Threat | ★★ | |
|
2023-11-15 17:27:21 | Novembre 2023 Patch mardi: 58 vulnérabilités, dont trois jours zéro exploités activement November 2023 Patch Tuesday: 58 Vulnerabilities Including Three Actively Exploited Zero-Days (lien direct) |
Microsoft a publié des mises à jour de sécurité pour 58 vulnérabilités, dont cinq jours zéro, dont trois sont activement exploités.L'un des jours zéro (CVE-2023-36025) est une vulnérabilité de contournement de fonction de sécurité Windows SmartScreen, la seconde (CVE-2023-36033) est une vulnérabilité d'escalade de privilège dans la bibliothèque Windows DWM Core, et la troisième (CVE-2023 CVE-2023 dans la Windows DWM, et la troisième (CVE-2023-36036) est une autre vulnérabilité d'escalade des privilèges affectant [& # 8230;]
Microsoft has released security updates for 58 vulnerabilities, including five zero-days, three of which are being actively exploited. One of the zero-days (CVE-2023-36025) is a Windows SmartScreen Security Feature Bypass Vulnerability, the second (CVE-2023-36033) is a privilege escalation vulnerability in the Windows DWM Core Library, and the third (CVE-2023-36036) is another privilege escalation vulnerability affecting […] |
Vulnerability | ★★ | |
|
2023-10-19 20:53:43 | Patch Mardi a 20 ans: la croissance et l'impact du problème de vulnérabilité de Microsoft \\ Patch Tuesday Turns 20: The Growth and Impact of Microsoft\\'s Vulnerability Problem (lien direct) |
Il y a vingt ans, Microsoft a introduit le concept de patch mardi pour «réduire la charge des administrateurs informatiques en ajoutant un niveau de prévisibilité et de gestion accrue».L'objectif de Patch mardi était de fournir une structure nécessaire autour de ce qui était en grande partie un processus ad hoc.En consolidant la majorité des mises à jour de sécurité et des correctifs requis dans [& # 8230;]
Twenty years ago, Microsoft introduced the concept of Patch Tuesday to “reduce the burden on IT administrators by adding a level of increased predictability and manageability.” The goal of Patch Tuesday was to provide needed structure around what was largely an ad hoc process. By consolidating the majority of security updates and required patches into […] |
Vulnerability | ★★ | |
|
2023-10-10 23:54:15 | Octobre 2023 Patch mardi: 104 Vulnérabilités, dont trois jours zéro exploités activement October 2023 Patch Tuesday: 104 Vulnerabilities Including Three Actively Exploited Zero-Days (lien direct) |
Ce mois-ci marque le 20e anniversaire de Patch Mardi, et Microsoft a publié des mises à jour de sécurité pour 104 vulnérabilités, dont trois zéro jours.L'un des jours zéro (CVE-2023-41763) est une élévation de la vulnérabilité des privilèges dans Microsoft Skype pour les entreprises.Le second (CVE-2023-36563) est une vulnérabilité de divulgation d'informations dans Microsoft WordPad, et le troisième (CVE-2023-44487) permet un distribué [& # 8230;]
This month marks the 20th anniversary of Patch Tuesday, and Microsoft has released security updates for 104 vulnerabilities, including three zero-days. One of the zero-days (CVE-2023-41763) is an elevation of privilege vulnerability in Microsoft Skype for Business. The second (CVE-2023-36563) is an information disclosure vulnerability in Microsoft WordPad, and the third (CVE-2023-44487) enables a distributed […] |
Vulnerability | ★★ | |
|
2023-08-10 07:00:23 | Découvrir et bloquer un exploit zéro-jour avec CrowdStrike Falcon complet: Le cas de CVE-2023-36874 Discovering and Blocking a Zero-Day Exploit with CrowdStrike Falcon Complete: The Case of CVE-2023-36874 (lien direct) |
CrowdStrike Counter Adversary Operations s'engage à analyser les campagnes d'exploitation actives et à détecter et bloquer les jours zéro pour protéger nos clients.En juillet 2023, le Crowdsstrike Falcon & Reg;L'équipe complète de détection et de réponse gérée (MDR) a découvert qu'un kit d'exploitation inconnu tirant parti d'une vulnérabilité immobile affectant le composant Windows Error Reporting).Notre équipe s'est préparée à signaler cela [& # 8230;]
CrowdStrike Counter Adversary Operations is committed to analyzing active exploitation campaigns and detecting and blocking zero-days to protect our customers. In July 2023, the CrowdStrike Falcon® Complete managed detection and response (MDR) team discovered an unknown exploit kit leveraging a still-unknown vulnerability affecting the Windows Error Reporting (WER) component. Our team prepared to report this […] |
Vulnerability | ★★★ | |
|
2023-08-09 13:02:39 | Patch août 2023 mardi: deux zéro jours exploités activement et six vulnérabilités critiques adressées August 2023 Patch Tuesday: Two Actively Exploited Zero-Days and Six Critical Vulnerabilities Addressed (lien direct) |
Microsoft a publié des mises à jour de sécurité pour 76 vulnérabilités et deux zéro-jours pour son déploiement de mardi d'août 2023.L'un des jours zéro (CVE-2023-38180) est une vulnérabilité de déni de service dans .NET et Visual Studio.L'autre jour zéro (CVE-2023-36884) a reçu une mise à jour en profondeur de défense pour atténuer une faille sous attaque active;Cependant, ce n'est pas un patch.[& # 8230;]
Microsoft has released security updates for 76 vulnerabilities and two zero-days for its August 2023 Patch Tuesday rollout. One of the zero-days (CVE-2023-38180) is a denial-of-service vulnerability in .NET and Visual Studio. The other zero-day (CVE-2023-36884) received a Defense in Depth update to mitigate a flaw under active attack; however, it is not a patch. […] |
Vulnerability | ★★★ | |
|
2023-07-14 16:50:39 | Les adversaires peuvent «se connecter avec Microsoft» via la vulnérabilité NOAuth Azure Active Directory Adversaries Can “Log In with Microsoft” through the nOAuth Azure Active Directory Vulnerability (lien direct) |
Le 20 juin 2023, Descope a publié des recherches détaillant comment une combinaison d'une faille dans Azure Active Directory et des applications tierces peu intégrées - surnommée «NoAuth» - pourrait conduire à une prise de contrôle complète du compte.NoAuth est le dernier d'un grand nombre de vulnérabilités et de faiblesses architecturales dans les logiciels et systèmes Microsoft comme Active Directory qui [& # 8230;]
On June 20, 2023, Descope published research detailing how a combination of a flaw in Azure Active Directory and poorly integrated third-party applications - dubbed “nOAuth” - could lead to full account takeover. nOAuth is the latest in a large number of vulnerabilities and architectural weaknesses in Microsoft software and systems like Active Directory that […] |
Vulnerability | ★★★★ | |
|
2023-07-11 22:43:33 | Patch de juillet 2023 Mardi: six vulnérabilités zéro-jours activement exploitées et neuf vulnérabilités critiques identifiées July 2023 Patch Tuesday: Six Actively Exploited Zero-Days and Nine Critical Vulnerabilities Identified (lien direct) |
Microsoft a publié des mises à jour de sécurité pour 131 vulnérabilités et une divulgation pour une vulnérabilité encore terminée pour son déploiement de juillet 2023 mardi: 9 sont évalués comme critiques tandis que les 122 autres sont évalués comme importants.Il y a une vulnérabilité sans cote de gravité.Juillet 2023 Analyse des risques ce mois-ci, le type de risque principal est le code distant [& # 8230;]
Microsoft has released security updates for 131 vulnerabilities and a disclosure for one yet-unpatched vulnerability for its July 2023 Patch Tuesday rollout: 9 are rated as Critical while the remaining 122 are rated as Important. There is one vulnerability without a severity rating. July 2023 Risk Analysis This month\'s leading risk type is remote code […] |
Vulnerability | ★★★ | |
|
2022-12-14 19:37:51 | December 2022 Patch Tuesday: 10 Critical CVEs, One Zero-Day, One Under Active Attack (lien direct) | Microsoft has released 49 security patches for its December 2022 Patch Tuesday rollout. Of these, 10 vulnerabilities are rated Critical, two are rated Medium and the rest are rated Important. DirectX Graphics Kernel Elevation of Privilege Vulnerability (CVE-2022-44710) is listed as publicly known while Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2022-44698) is listed as actively […] | Vulnerability | ★★ | |
|
2022-06-23 16:26:54 | The Call Is Coming from Inside the House: CrowdStrike Identifies Novel Exploit in VOIP Appliance (lien direct) | CrowdStrike Services recently performed an investigation that identified a compromised Mitel VOIP appliance as the threat actor's entry point. The threat actor performed a novel remote code execution exploit on the Mitel appliance to gain initial access to the environment. CrowdStrike identified and reported the vulnerability to Mitel, and CVE-2022-29499 was created. The threat actor […] | Vulnerability Threat | ||
|
2022-06-16 18:29:55 | June 2022 Patch Tuesday: Three Critical CVEs and a Fix for the Follina Vulnerability (lien direct) | Microsoft has released 55 security patches for its June 2022 Patch Tuesday rollout. Three of the 55 CVEs addressed are rated Critical severity, with CVE-2022-30136 having the highest CVSS score of 9.8. In this blog, the CrowdStrike Falcon Spotlight™ team offers an analysis of this month's vulnerabilities, as well as insights into the vulnerabilities and […] | Vulnerability | ||
|
2022-06-01 15:49:28 | CrowdStrike Falcon Protects Customers from Follina (CVE-2022-30190) (lien direct) | On May 27, 2022, a remote code execution vulnerability was reported affecting the Microsoft Windows Support Diagnostic Tool (MSDT) The vulnerability, which is classified as a zero-day, can be invoked via weaponized Office documents, Rich Text Format (RTF) files, XML files and HTML files At time of writing, there is no patch available from the […] | Tool Vulnerability | ||
|
2022-05-12 11:15:30 | May 2022 Patch Tuesday: Six Critical CVEs Fixed and a Windows Vulnerability Actively Exploited (lien direct) | Microsoft has released 73 security patches for its May Patch Tuesday rollout. One of the 73 CVEs addressed, Windows LSA Spoofing Vulnerability CVE-2022-26925, is ranked as Important and is under active exploitation. In this blog, the CrowdStrike Falcon Spotlight™ team offers an analysis on this monthâs vulnerabilities, highlighting those that are most severe and recommending […] | Vulnerability | ★★★★ | |
|
2022-05-03 08:37:30 | CVE-2022-23648: Kubernetes Container Escape Using Containerd CRI Plugin and Mitigation (lien direct) | CVE-2022-23648, reported by Googleâs Project Zero in November 2021, is a Kubernetes runtime vulnerability found in Containerd, a popular Kubernetes runtime. It lies in Containerdâs CRI plugin that handles OCI image specs containing âVolumes.â The attacker can add Volume containing path traversal to the image and use it to copy arbitrary files from the host […] | Vulnerability | Uber | |
|
2022-04-20 12:42:51 | CrowdStrike Falcon Spotlight Fuses Endpoint Data with CISA\'s Known Exploited Vulnerabilities Catalog (lien direct) | In this blog you will: Learn how to leverage the CrowdStrike Falcon Spotlight™ integrated threat and vulnerability management module to fuse your endpoint telemetry with CISA’s Known Exploited Vulnerabilities Catalog Learn how to use the CrowdStrike Falcon® console to further investigate and take action The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency […] | Vulnerability Threat | ||
|
2022-03-15 12:19:11 | (Déjà vu) cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811) (lien direct) | CrowdStrike cloud security researchers discovered a new vulnerability (dubbed âcr8escapeâ and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O. CrowdStrike disclosed the vulnerability to Kubernetes, which worked with CRI-O to issue a patch that was released today. It is recommended that CRI-O users patch immediately. CrowdStrike customers are protected from this threat by the […] | Vulnerability Threat | Uber | |
|
2022-03-15 12:19:11 | cr8escape: Zero-day in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811) (lien direct) | CrowdStrike cloud security researchers discovered a zero-day vulnerability (dubbed âcr8escapeâ and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O. CrowdStrike disclosed the vulnerability to Kubernetes, which worked with CRI-O to issue a patch that was released today. It is recommended that CRI-O users patch immediately. CrowdStrike customers are protected from this threat by the […] | Vulnerability Threat | Uber | |
|
2022-03-07 17:30:49 | PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell (lien direct) | At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 â a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller â to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the […] | Vulnerability | ||
|
2022-02-23 13:31:21 | CrowdStrike Automates Vulnerability Remediation Processes While Enhancing SecOps Visibility (lien direct) | Adversaries are becoming more adept and sophisticated in their attacks. Taking advantage of vulnerabilities present in major software is often an attractive entry point for establishing a campaign within an enterprise environment. The CrowdStrike 2022 Global Threat Report highlights how adversaries continue to shift tradecraft and weaponize vulnerabilities to evade detection and gain access to […] | Vulnerability Threat | ||
|
2022-02-18 00:23:28 | How to Automate Workflows with Falcon Spotlight (lien direct) | Introduction Falcon Spotlight leverages the existing Falcon Agent to assess the status of vulnerabilities across the environment. While visibility and filtering capabilities are part of the user interface, this article will document integration options that CrowdStrike provides to help customers effectively operationalize Spotlightâs vulnerability findings. Video ï"¿ï"¿ï"¿ï"¿ï"¿ï"¿ï"¿ï"¿ï"¿ï"¿ï"¿ï"¿ Remediation Orchestration Using Falcon Fusion workflows, organizations can […] | Vulnerability | ||
|
2022-02-09 23:19:06 | February 2022 Patch Tuesday: Windows Kernel Zero-Day and Servicing Stack Updates (lien direct) | Microsoft has released 48 security patches for its February Patch Tuesday rollout. None are considered Critical or known to have been actively exploited. CVE-2022-21989, a publicly known zero-day vulnerability in the Windows Kernel, should be closely monitored as the situation continues to unfold. Separate from the patches offered this month, Microsoft has strongly suggested an […] | Vulnerability | ||
|
2022-02-04 15:55:47 | How to Protect Cloud Workloads from Zero-day Vulnerabilities (lien direct) | Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if theyâre able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this […] | Vulnerability Patching | ||
|
2022-02-01 22:37:35 | Hunting pwnkit Local Privilege Escalation in Linux (CVE-2021-4034) (lien direct) | In November 2021, a vulnerability was discovered in a ubiquitous Linux module named Polkit. Developed by Red Hat, Polkit facilitates the communication between privileged and unprivileged processes on Linux endpoints. Due to a flaw in a component of Polkit â pkexec â a local privilege escalation vulnerability exists that, when exploited, will allow a standard […] | Vulnerability | ||
|
2021-12-29 07:23:08 | OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt (lien direct) | Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE 2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty. To OverWatch, Log4Shell is simply the latest vulnerability to exploit â a new access vector among a sea of many others. Adversarial behavior post-exploitation remains […] | Vulnerability | ||
|
2021-12-22 12:28:37 | CrowdStrike Launches Free Targeted Log4j Search Tool (lien direct) | The recently discovered Log4j vulnerability has serious potential to expose organizations across the globe to a new wave of cybersecurity risks as threat actors look to exploit this latest vulnerability to execute their malicious payloads using remote code execution (RCE). An immediate challenge that every organization faces is simply trying to understand exactly where you […] | Tool Vulnerability Threat | ||
|
2021-12-21 20:12:46 | CrowdStrike Services Launches Log4j Quick Reference Guide (QRG) (lien direct) | The Log4j vulnerability burst onto the scene just a few weeks ago, but to many defenders it already feels like a lifetime. It has rapidly become one of the top concerns for security teams in 2021, and seems set to remain so for the foreseeable future. The critical details of this threat evolve almost daily, […] | Vulnerability Threat | ||
|
2021-12-15 09:42:18 | How CrowdStrike Protects Customers from Threats Delivered via Log4Shell (lien direct) | Log4Shell, the latest critical vulnerability, found in the Log4j2 Apache Logging Services library, poses a serious threat to organizations Active attempts to exploit the vulnerability were identified in the wild, currently making it the most severe threat CrowdStrike utilizes indicators of attack (IOAs) and machine learning to protect our customers CrowdStrike continues to track and […] | Vulnerability Threat | ||
|
2021-12-10 09:57:34 | Log4j2 Vulnerability “Log4Shell” (CVE-2021-44228) (lien direct) | Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers. Between late November and early December 2021, a critical vulnerability (CVE-2021-44228) impacting the Log4j2 utility was reported, resulting in several fixes and code revisions from the vendor. The Log4j2 library is used in numerous Apache frameworks services, and as of Dec. 9, […] | Vulnerability | ★★★★ |
1
We have: 34 articles.
We have: 34 articles.
To see everything:
Our RSS (filtrered)
