Log4j: What is it and how can you identify it?

written by: Matthew Watkinson, CIO, Secure Sense Log4j CVE-2021-44228 Public Disclosure On Thursday December 9th, 2021, a Remote Code Execution (RCE) vulnerability was disclosed [CVE-2021-44228] affecting the Log4j library in versions between 2.0 and 2.14.1.  Log4j is a heavily utilized logging class used in the Java programming language. Because of the widespread use of the log4j library in various java applications, this vulnerability has had a significant impact in modern infrastructure and...

Read More
What is vulnerability management?

What is Vulnerability Management

Vulnerability Management is the key for a safer future for your organization. It’s safe to say that the WannaCry Ransomware attack was one the worst attacks in recent history, approximately 200,000 devices were infected. Well, what if we told you that this attack could have been easily remediated, I bet you wouldn’t believe us. Well unfortunately that’s the case. The WannaCry Ransomware is just one case of thousands that highlights the...

Read More

iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server

In November 2016, as part of Fortinet's FortiGuard research work, it was discovered and reported an iSNS server memory corruption vulnerability in Microsoft Windows Server. On patch Tuesday of March 2017, Microsoft released the Security Bulletin MS17-012 that contain the fix for this vulnerability and identifies it as CVE-2017-0104. This vulnerability could lead to remote code execution and is rated as critical by Microsoft. The vulnerability affects Windows Server 2008, 2012,...

Read More

Google Does it Again: Discloses Unpatched Microsoft Edge and IE Vulnerability

This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare. Besides this, Google last week disclosed an unpatched vulnerability in Windows Graphics Device Interface (GDI) library, which affects Microsoft's Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10. While...

Read More

Almost 200K Websites Affected by the OpenSSL HeartBleed Vulnerability…and counting!

The 'Open SSL HeartBleed' vulnerability was one of the biggest flaws in the Internet's history that affected the core security of as many as two-thirds of the world's servers i.e. half a million servers at the time of its discovery in April 2014. It has been more than two and half years since the discovery of the critical cyber crime OpenSSL Heartbleed vulnerability, but the flaw is still alive as it appears...

Read More

Another Android Vulnerability, Is Anyone Really Surprised?

In the latest saga of Android vulnerabilities, a new malware called “HummingBad” is making its rounds and has already infected over 10 million devices worldwide. According to Check Point, the majority of infected devices are overseas in Asian countries, and approximately 280,000 devices are infected in the United States. While Check Point discovered this malware in February of this year, the number of instances has increased exponentially in the last several...

Read More

Multiple Critical Vulnerabilities Exposed: Time to Update!

On June 28, 2016, Google’s Project Zero Researcher Tavis Ormandy released a blog that published details of multiple critical vulnerabilities with various Symantec products. According to Ormandy, these vulnerabilities, “Don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases, on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption. Symantec has released updates...

Read More

Vulnerability Exposed: Time to Update

A serious vulnerability has been identified, and it's time to update, today. On June 16th, Adobe released a critical update for the Flash Player that fixes several vulnerabilities, including CVE-2016-4171. According to Adobe, if successfully exploited, “this vulnerability could cause a crash, and potentially allow an attacker to take control of the affected system.” Affected versions and solutions can be seen below. Adobe recommends users of the Adobe Flash Player Desktop Runtime for...

Read More

Vulnerability in GNU glibc Affecting Nutanix Products: February 2016

Advisory ID:        Nutanix-sa-003-glibc     CVE-2015-7547 Last Updated:     25 February 2016 Published:           25 February 2016 Version:               1.0 On February 16, 2016 and industry-wide critical vulnerability in the GNU C library (glibc) was publicly disclosed. This Nutanix vulnerability could allow an unauthenticated remote attacker to trigger a stack-buffer overflow that may result in a denial of service (DoS) condition, or allow for the...

Read More

Vulnerability Revealed in Nissan LEAF

On February 24, 2016, Troy Hunt, a Microsoft MVP for Developer Security reported a vulnerability in the remote management APIs for Nissan LEAF. If you have the VIN number of any of the cars, you are able access certain features from across the internet, anywhere in the world. The Nissan LEAF is a fully electric car, popular in countries, like Canada and Norway - that are adopting the green initiative and...

Read More