Log4Shell in 2023: big impact still reverberates
Log4Shell hit the market hard at the end of 2021. According to a recent story we published, it's still one of the biggest vulnerabilities, 18 months after it initially appeared. How serious is the threat of Log4Shell in 2023?
Log4Shell continues to haunt us. The exploitation of a vulnerability i...
Google paid out $8.7 million to security researchers for vulnerability discovery and reports
Google reported that its Vulnerability Reward Program awarded $8.7 million in vulnerability rewards in 2021. Researchers donated $300,000 of the rewards to a charity of their choice, according to a blog post by Sarah Jacobus of the Vulnerability Rewards Team at Google.
Compared to 2020, the An...
Update patches actively exploited zero-day in Windows
Microsoft has rolled out a new series of updates for Windows. These updates consist mainly of patches for security problems. One of these vulnerabilities has already been exploited.
The bug in question is CVE-2021-1732. It concerns a bug in Win32k which allowed elevated privileges. ZDNet writes ...
Update for iOS fixes actively exploited zero-days
In an update for iOS, Apple fixes three zero-day vulnerabilities that were being actively exploited. The flaws were found by Google's Project Zero research group.
In addition to iOS, the vulnerabilities were also present in iPadOS, which is largely the same operating system. The new update fixes...
New Windows exploit allows any user to become an admin
A recently patched Windows exploit lets anyone with a network connection obtain full access to the Active Directory domain controller.
Researchers at Secura have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organizati...
Major security flaw found in 28 antivirus applications
Cybersecurity experts at Rack911 Labs found a security bug in 28 antivirus applications. Hackers can use an error in the system to delete files, install malware, and cause crashes.
The Rack911 Labs report refers to a "symlink race". A symlink race vulnerability occurs when you link a ...