What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline

What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline

A RCE vulnerability has forced FromSoftware to take down 'Dark Souls' servers. However, there are more issues that haven't been publicly addressed. The post What We Know About the Vulnerabilities Keeping ‘Dark ...
TLStorm CCPA

TLStorm 2.0 Flaws Leave Aruba, Avaya Switches Vulnerable

A handful of vulnerabilities in the implementation of TLS communications in Aruba and Avaya switches extend TLStorm flaws first discovered in March to millions of enterprise-grade network infrastructure devices. By exploiting these ...
Security Boulevard
CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and 29,000 Other Known Exploits

CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and 29,000 Other Known Exploits

Some of the world’s leading cybersecurity authorities banded together to co-author the Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities, where they provided details on CVE vulnerabilities that have been routinely exploited ...
Oxeye toxic workplace ask chloé

Oxeye Tool Can Counter Log4j Obfuscation Attacks

Oxeye today announced an open source deobfuscation tool, dubbed Ox4Shell, that makes it simpler for cybersecurity teams to uncover hidden payloads that attempt to exploit Log4Shell vulnerabilities. Many enterprise IT organizations have ...
Security Boulevard
Log4Shell log4j Remote Code Execution – The COVID of the Internet

Log4Shell log4j Remote Code Execution – The COVID of the Internet

The Log4Shell zero day vulnerability is truly one of the most significant security threats of the past decade and its effects will be felt far into 2022 and beyond. Imperva has observed ...
OpenText OCSF WhiteSource Log4j window Proofpoint Open Source Security

WhiteSource Automates Remediation of Log4j Vulnerabilities

WhiteSource this week made good on a promise to add Log4j vulnerability remediation capabilities to both its free and commercial tools for updating open source software components. Susan St. Clair, director of ...
Security Boulevard
UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)

UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)

UPDATE 12/17/21: The Logout4Shell Vaccine has been updated to add a persistent option in addition to the existing one which reverted upon server restart. The previous version of the Vaccine used the ...
Malicious Life Podcast: Operation GhostShell - An Iranian Espionage Campaign

Malicious Life Podcast: Operation GhostShell – An Iranian Espionage Campaign

In July 2021, Nocturnus - the Cybereason Threat Research and Intelligence team - was called to investigate an espionage campaign targeting Aerospace and Telecommunications companies globally. Their investigation resulted in the discovery ...
Microsoft

Microsoft Sounds Alarm on Zero-Day Aimed at Office

Hackers are attempting to exploit a remote code execution vulnerability in MSHTML affecting Windows by using specially crafted Office documents, but Microsoft has provided a way for organizations to mitigate the problem ...
Security Boulevard