Security
Headlines
HeadlinesLatestCVEs

Tag

#log4j

'Very Noisy': For the Black Hat NOC, It's All Malicious Traffic All the Time

Black Hat Asia's NOC team gives a look inside what's really happening on the cyberfront during these events.

DARKReading
Open in Source
#sql#vulnerability#web#google#wordpress#log4j#ibm#sap#wifi
CVE-2023-25832: Portal for ArcGIS Security 2023 Update 1 Patch

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. 

Databricks Platform Cluster Isolation Bypass

The Databricks Platform as of 2023-01-26 suffered from a cluster isolation bypass vulnerability through insecure defaults and shared storage.

Oracle WebLogic Server vulnerability added to CISA list as “known to be exploited”

Categories: Exploits and vulnerabilities Categories: News Tags: Oracle Tags: WebLogic Tags: CVE-2023-21839 Tags: CVE-2023-1389 Tags: CVE-2021-45046 Tags: CISA Tags: reverse shell An easy to exploit vulnerability in Oracle WebLogic Server has been added to the CISA list of things you really, really need to patch. (Read more...) The post Oracle WebLogic Server vulnerability added to CISA list as “known to be exploited” appeared first on Malwarebytes Labs.

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389 (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 (CVSS score: 9.0) - Apache Log4j2 Deserialization of Untrusted

Building a Better SBOM

Generating an SBOM is easy. It's generating one that's comprehensive and accurate that's hard.

Qwiet AI Builds a Neural Net to Catch Coding Vulnerabilities

Code property graphs and a threat feed powered by artificial narrow intelligence help developers incorporate AppSec into DevOps.

3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022

Attackers continued to favor software exploits, phishing, and stolen credentials as initial-access methods last year, as Log4j and the Russia-Ukraine cyber conflict changed the threat landscape.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...