Attackers test “CAB-less 40444” exploit in a dry run
An updated exploit takes a circuitous route to trigger a Word document into delivering an infection without using macros
An updated exploit takes a circuitous route to trigger a Word document into delivering an infection without using macros
China and Russia, Kinsing miner botnet dominate sources of exploit attempts.
The critical vulnerability in Apache’s Log4j Java-based logging utility (CVE-2021-44248) has been called the “most critical vulnerability of the last decade.” Also known as Log4Shell, the flaw has forced the developers of many software products to push out updates or mitigations to customers. And Log4j’s maintainers have published two new versions since the bug was discovered—the second completely eliminating the…
Read more
The final Patch Tuesday of the year is here, and while Log4J may have cast a very long shadow over this month, Microsoft has released fixes for 64 more vulnerabilities in its software products, including 16 Chromium-based bugs in the Edge browser that were already patched in updates pushed since last month. Some of the…
Read more