Chinese Government Punishes Alibaba for Not Telling It First About Log4Shell Flaw: Report
China’s Ministry of Industry and Information Technology (MIIT) said it will temporarily suspend its collaboration with Alibaba Cloud as a cyber threat intelligence partner due to the fact that the company did not inform the government first about the discovery of the Log4Shell vulnerability, according to local media reports.
Belgian Military in Five-Day Battle Against Cyberattack
The Belgian military said on Tuesday it had been hit with a cyberattack five days ago and was still battling to restore affected parts of its system.
Military spokesman Olivier Severin told AFP that elements hit by last Thursday’s attack, which contaminated services connected to the internet, were still being analysed and restored.
Microsoft Urges Customers to Patch Recent Active Directory Vulnerabilities
Microsoft on Monday released an alert on two Active Directory vulnerabilities addressed with the November 2021 Patch Tuesday updates, urging customers to install the available patches as soon as possible, to prevent potential compromise.
Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors
Walk-through metal detectors made by Garrett are affected by potentially serious vulnerabilities that can be exploited to hack the devices and alter their configuration.
FBI Sees APTs Exploiting Recent ManageEngine Desktop Central Vulnerability
The Federal Bureau of Investigation (FBI) has released an alert regarding the exploitation of a recent vulnerability in Zoho’s ManageEngine Desktop Central product.
Facebook Patches Vulnerability Exposing Page Admin Identity
Facebook paid a teenage researcher from Nepal a $4,750 bug bounty reward for a vulnerability that could have been exploited to uncover the identity of a page’s administrator.
Google Finds 35,863 Java Packages Using Defective Log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
VMware Patches Vulnerabilities in Workspace ONE Access
Patches released by VMware to address a couple of vulnerabilities in the Workspace ONE Access authentication solution also resolve the recent Log4Shell security flaw.
Log4j Update Patches New Vulnerability That Allows DoS Attacks
CISA Orders Federal Agencies to Mitigate Log4j Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing federal agencies to mitigate the Log4j vulnerabilities. The announcement came just before the disclosure of a new flaw affecting the popular logging utility.