A newly discovered vulnerability in an incredibly popular Java logging library, log4j, was made public today. The ease of exploitation appears to be relatively low while the severity is critical, with successful exploitation resulting in remote code execution. The issue has been assigned the CVE number CVE-2021-44228 and is being called Log4Shell. What is affected? Apache […]
3. Employees Dana Wills, information security consultant at Asteros, says the top data security threat comes from lack of proper employee security awareness training. Untrained employees are more likely to fall victim to social engineering and phishing attacks, which are the most common ways attackers breach organizations. “All employees and contractors should undergo training on […]
“Attribution for the reported attack on REvil will be difficult, said Dana Wills, an information security consultant for Asteros, a cybersecurity vendor. “In this case, with Russia under pressure to act, threats from the U.S. government to take down the group, incentives of rival hacking groups, and possible insider threats within the organization, it may never […]
Cisco has announced there will be no patch released for a critical security vulnerability discovered in their Small Business line of routers, as the affected devices reached their end of life in 2019. The critical issue, CVE-2021-34730, affects the Universal Plug-and-Play (UPnP) service and could allow unauthenticated attackers to execute commands on the router or cause […]
Several Cisco switches suitable for small business use have been found to be vulnerable to a serious security issue that could result in attackers gaining unauthorized access to the management console. While Cisco reports that no exploits for this vulnerability (CVE-2020-3297) have yet been seen, the nature of this issue suggests a proof of concept […]
After Microsoft’s largest ever single-month release of CVEs, two additional security updates have now been pushed. These emergency patches are to fix remote code execution issues in the Windows Codecs Library, CVE-2020-1425 and CVE-2020-1457. Severity and Exploitability With a severity rating of Critical and Important, these could allow attackers to take control of affected systems by […]