Posts Tagged ‘Secure By Design’

Organizations should fear misconfigurations more than vulnerabilities

Censys launched its State of the Internet Report, a holistic view into internet risks and organizations' exposure to them. Through careful examination of which ports, services, and software are most prevalent on the internet and the systems and regions where they run, the research team discovered that misconfigurations and exposures represent 88% of the risks and vulnerabilities […]


While attackers begin exploiting a second Log4j flaw, a third one emerges

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046, disclosed in the Log4j library. CVE-2021-45046 received a CVSS score of 3.7 and affects Log4j […]


Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

New versions of Log4j: The recent discovery of a second Log4j vulnerability (CVE-2021-45046) has shown that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This vulnerability could allow attackers to craft malicious input data using a JNDI Lookup pattern, resulting in a denial of service (DoS) attack. “Note […]
