Log4j an Evolving Attack

Due to the nature of the Log4j situation, vulnerabilities will be evolving over an extended period of time. It is our recommendation that all Admins do a daily check of the following web pages, and a periodic check of the CVEs listed herein, which are all being continually updated, to see if there are any […]

Log4j Critical Update

UPDATE, 12.20.2021: For the latest information on the Log4j cybersecurity threat as it emerges, please see the Cybersecurity & Infrastructure Security Agency (CISA) website. As an update to our December 10th and December 14th posts on Log4j, please be advised that although previous alerts advised updating to Log4j version 2.15.0, or higher, version 2.15.0 has […]

CISA Creates Web Page & GitHub Repository for Log4j Information

UPDATE, 12.20.2021: For the latest information on the Log4j cybersecurity threat as it emerges, please see the Cybersecurity & Infrastructure Security Agency (CISA) website. As an update to the recent post, Critical Zero-Day Java Vulnerability, please be advised that CISA (Cybersecurity & Infrastructure Security Agency) and its partners have set up a webpage to track the […]

Critical Zero-Day Java Vulnerability (Log4j)

UPDATE, 12.20.2021: For the latest information on the Log4j cybersecurity threat as it emerges, please see the Cybersecurity & Infrastructure Security Agency (CISA) website. Please be advised that the Java zero-day, dubbed Log4Shell, is being actively exploited. This critical vulnerability affects the Java utility Log4j versions 2.0-beta9 to 2.14.1, and is being tracked […]

Avoid Gift Card Scams This Holiday Season & Beyond

As an update to our prior blog posts on gift card scams, please be advised that gift card scams remain prevalent, and scammers are trying to trick you in new ways. We’ve reported on scammers posing as trusted individuals, groups or charitable organizations, seeking your assistance with gift card purchases, and then asking you for […]

Apache Server Critical Vulnerability is Being Actively Exploited

A Server-Side Request Forgery (SSRF) vulnerability, which is being tracked as CVE-2020-40438 and impacts Apache HTTP Server 2.4.48 and prior versions, has been patched. The CVSS score for this vulnerability is 9/10 (critical). This vulnerability allows unauthenticated malicious actors to force vulnerable HTTP servers to forward requests to arbitrary servers. There are reported exploits, and on […]