Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
New Log4Shell-like vulnerability impacts H2 Java SQL database
Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk.
FTC, SEC raise legal risks surrounding the log4j flaw
The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.
The Apache Log4j vulnerabilities: A timeline
The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded.
Exploit chains explained: How and why attackers target multiple vulnerabilities
Here is what you need to know about exploit chain risks, use cases, and mitigation.
How to detect Log4Shell exposure and exploitation
Software dependencies and third-party products make detecting Log4j exploits tough, but this advice and some specialized tools can help.
Second Log4j vulnerability carries denial-of-service threat, new patch available
The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue.
4 ways to properly mitigate the Log4j vulnerabilities (and 4 to skip)
A sure-fire way to prevent exploitation of Log4j vulnerabilities has yet to appear, but these actions are your best bet for reducing risk.
Log4j mitigation advice for Microsoft security and IT admins
The Log4j vulnerability affects many applications running on Microsoft networks. Use this advice to determine whether your network has been exploited and to mitigate the issue.
Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps
The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it.
Researchers warn about continuous abuse of unpatched MikroTik routers
Attackers are still exploiting unaddressed vulnerabilities in an estimated 300,000 MikroTik routers. A new tool will detect compromised devices.
Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild
Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.
New HP MFP vulnerabilities show why you should update and isolate printers
Researchers have discovered two dangerous vulnerabilities in HP multifunction printers that use its FutureSmart firmware, including one that is exploitable remotely.
How to prevent sideloading attacks in Windows and Office 365
A few settings in Windows or Office 365 can help stop users from installing malicious apps on their devices.
Flaws in the Nucleus embedded TCP/IP stack puts critical systems at risk
The NUCLEUS:13 vulnerabilities can allow remote code execution or denial of service attacks. Billions of devices could be affected.
Update and isolate your Nagios servers now
Recently discovered vulnerabilities in Nagios servers could give attackers broad access to systems and data if exploited.
CISA releases directive to remediate dangerous vulnerabilities across civilian agencies
While the move is applauded, a short timeframe to address vulnerabilities will be a challenge for security resource-strapped agencies.
5 steps to security incident response planning
Most firms will experience a breach or vulnerability that exposes sensitive data. Minimizing impact on business and reputation depends on having a strong response plan before an incident happens.
