I have written a couple of times about the vulnerabilities in VMware – they are patched now, but the article below shows there are groups still using an active exploit to attack organisations that are slow to patch. Iran’s Rocket Kitten likely behind VMware exploitation • The Register Why bother. …
Ever Surf closes the door before the horse bolted
Here is a good news cyber-security story – the fix was in before the vulnerability was exploited (hopefully). Flaw could have let baddies access Ever Surf crypto wallets • The Register Everscale blockchain wallet shutters web version after vulnerability found – The Record by Recorded Future What can a hacker …
Java vulnerabilities to look out for – Spring4Shell – UPDATE 23 April 2022
This story was first published on 31 March 2022 and updated on 5 April 2022. Update 26 April 2022: There has been a steady increase in the number of active attacks against this and related vulnerabilities: Hackers hammer SpringShell vulnerability in attempt to install cryptominers | Ars Technica This is …
AWS and Log4j – patches break security
Other cyber security stories have overtaken the Log4j/Log4Shell issue, but it is still out there and, because developers are so dependent on the framework, patches sometimes lead to more issues. Here is an example where even the biggest organisations have problems: Amazon Web Services Log4j patches blew holes in …
Oracle Patches
If you have anything from software provider Oracle – then it is time to get patching. Oracle Critical Patch Update Advisory – April 2022 Time to get patching: Oracle’s quarterly Critical Patch Update arrives with 520 fixes | ZDNet Oracle Releases April 2022 Critical Patch Update | CISA Oracle Java …