[HackerNews] Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability

The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch, version 2.17.0, for the widely used logging library, fixing a flaw that could be exploited by malicious actors to stage a denial-of-service (DoS) attack.

Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all versions of the tool from 2.0-beta9 to 2.16.0, which

Source: The Hacker News
