Microsoft on Monday released an alert on two Active Directory vulnerabilities addressed with the November 2021 Patch Tuesday updates, urging customers to install the available patches as soon as possible, to prevent potential compromise.
Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors
Walk-through metal detectors made by Garrett are affected by potentially serious vulnerabilities that can be exploited to hack the devices and alter their configuration.
FBI Sees APTs Exploiting Recent ManageEngine Desktop Central Vulnerability
The Federal Bureau of Investigation (FBI) has released an alert regarding the exploitation of a recent vulnerability in Zoho’s ManageEngine Desktop Central product.
Facebook Patches Vulnerability Exposing Page Admin Identity
Facebook paid a teenage researcher from Nepal a $4,750 bug bounty reward for a vulnerability that could have been exploited to uncover the identity of a page’s administrator.
Google Finds 35,863 Java Packages Using Defective Log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
VMware Patches Vulnerabilities in Workspace ONE Access
Patches released by VMware to address a couple of vulnerabilities in the Workspace ONE Access authentication solution also resolve the recent Log4Shell security flaw.
Log4j Update Patches New Vulnerability That Allows DoS Attacks
CISA Orders Federal Agencies to Mitigate Log4j Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing federal agencies to mitigate the Log4j vulnerabilities. The announcement came just before the disclosure of a new flaw affecting the popular logging utility.
Trend Micro Spots Chinese Hackers Targeting Transportation Sector
Since the middle of 2020, a Chinese state-sponsored threat actor called ‘Tropic Trooper’ has been targeting transportation organizations and government entities related to transportation sector, Trend Micro reports.
Citizen Lab Exposes Cytrox as Vendor Behind ‘Predator’ iPhone Spyware
The University of Toronto’s Citizen Lab has discovered another player in the private sector mobile spyware business, fingering a tiny North Macedonia company called Cytrox as the makers of high-end iPhone implants.
Russian Cyberspy Groups Start Exploiting Log4Shell Vulnerability
Severity of Second Log4j Vulnerability Increased to Critical
Russia has been added to the list of nation states targeting the recently disclosed Log4Shell vulnerability, with exploitation attempts linked to several of the country’s cyberespionage groups.












