Hot Patches for Log4Shell Introduced Multiple Vulnerabilities in Amazon Web Services
Hot Patches for Log4Shell Introduced Multiple Vulnerabilities in Amazon Web Services Amazon Web Services has addressed vulnerabilities introduced by the hot patches released in response to the Log4Shell vulnerability in December. Background On April 19, researchers with Palo Alto’s Unit...
Oracle April 2022 Critical Patch Update Addresses 221 CVEs
Oracle addresses 221 CVEs in its second quarterly update of 2022 with 520 patches, including 27 critical updates....
Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)
Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521) Microsoft addresses 117 CVEs in its April 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild and reported to Microsoft by the National Security Agency. 9Criti...
VMware Patches Multiple Vulnerabilities in Workspace ONE, Identity and Lifecycle Manager and vRealize (VMSA-2022-0011)
VMware cautions organizations to patch or mitigate several serious vulnerabilities across multiple products....
Spring4Shell (CVE-2022-22965) FAQ: Spring Framework Remote Code Execution Vulnerability
A list of frequently asked questions related to Spring4Shell (CVE-2022-22965)....
CVE-2022-22948: VMware vCenter Server Sensitive Information Disclosure Vulnerability
Researchers disclose a moderate severity vulnerability in VMware vCenter Server that can be used in an exploit chain with other vCenter Server flaws to take over servers....
Cr8escape: How Tenable Can Help (CVE-2022-0811)
CrowdStrike discloses container escape vulnerability affecting CRI-O for Kubernetes. Here’s how Tenable.cs can help you detect vulnerable pods. Background On March 15, CrowdStrike published technical details and a proof-of-concept for CVE-2022-0811, a vulnerability they have named cr8escape, i...
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help
Private messages between Conti members uncover invaluable information about how the infamous ransomware group hijacks victims’ systems. Leaked internal chats between Conti ransomware group members offer a unique glimpse into its inner workings and provide valuable insights, including details on o...
Microsoft’s March 2022 Patch Tuesday Addresses 71 CVEs (CVE-2022-23277, CVE-2022-24508)
<p>Microsoft addresses 71 CVEs in its March 2022 Patch Tuesday release, including three vulnerabilities that were publicly disclosed as zero-days.</p>...
Government Advisories Warn of APT Activity Resulting from Russian Invasion of Ukraine
Government agencies publish warnings and guidance for organizations to defend themselves against advanced persistent threat groups. As governments around the world call for heightened cyber vigilance, the reality of our digital world comes into stark relief: there are no boundaries when it come...
CVE-2022-22536: SAP Patches Internet Communication Manager Advanced Desync (ICMAD) Vulnerabilities
SAP and Onapsis Research Labs collaborate to disclose three critical vulnerabilities impacting SAP NetWeaver Application Servers. The most severe of the three could lead to full system takeover. Background On February 8, SAP disclosed several vulnerabilities in the Internet Communication Manag...
Microsoft’s February 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-21989)
Microsoft addresses 48 CVEs in its February 2022 Patch Tuesday release, including one zero-day vulnerability that was publicly disclosed, but not exploited in the wild....