The US Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft vulnerability to its Known Exploited Vulnerabilities Catalog: CISA Adds One Known Exploited Vulnerability to Catalog | CISA. This vulnerability was addressed in June’s Microsoft Patch Tuesday: Guidance on Applying June Microsoft Patch | CISA
The Most Dangerous Software Weaknesses
The 2022 list of the most dangerous software weaknesses has been published at Common Weakness Enumeration (CWE): CWE – 2022 CWE Top 25 Most Dangerous Software Weaknesses (mitre.org). Who are CWE: Common Weakness Enumeration (CWE™) is a community-developed list of common software and hardware weakness types that have security ramifications. CWE …
Cybersecurity and Infrastructure Security Agency exploited vulnerability advisory
The US Cybersecurity and Infrastructure Security Agency has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog: CISA Adds Eight Known Exploited Vulnerabilities to Catalog | CISA
Log4Shell is still an exploited vulnerability
It seems a long time ago that the Log4Shell vulnerability was discovered. It was a vulnerability that had far-reaching consequences, as many systems used this framework for their logging functionality. The US Cybersecurity and Infrastructure Security Agency (CISA) with the United States Coast Guard Cyber Command (CGCYBER) has issued an advisory of …
Vulnerabilities, come, get fixed, go and come back…
Vendors put a lot of effort into keeping their software secure from hackable vulnerabilities, with patches and updates, but the threat actors never give up looking. Here is an instance of an old vulnerability in Apple’s Safari web browser coming back: Refactoring code in WebKit resurrected ‘zombie’ security bug • …