Tag: Bulletin

HomeArchives

Log4j vulnerability: what should boards be asking?

Background The Log4Shell critical vulnerability in the widely used logging tool Log4j has caused concern beyond the cyber security community. This is because Log4j - rather than being a single piece of software - is a software component that’s used by millions of computers worldwide running online services....

Continue Reading  

Apache Log4j Vulnerability Guidance

Background Apache Log4j2 is a ubiquitous library used by millions for Java applications; the library is part of the Apache Software Foundation’s Apache Logging Services project. The vulnerability CVE-2021-44228, disclosed on December 9, 2021, allows for remote code execution against...

Continue Reading  

Alert (AA21-291A) BlackMatter Ransomware : The Dark Side Returns

Background BlackMatter is a new ransomware threat discovered at the end of July 2021. BlackMatter is ransomware-as-a-service (Raas) tool that allows  the ransomware's developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. This malware started...

Continue Reading  

FoggyWeb: SolarWinds Hackers Access Microsoft AD Servers

Background The Microsoft Threat Intelligence Center (MSTIC) has released information on the uncovering of a widespread malicious email campaign undertaken by the activity group that Microsoft tracks as NOBELIUM. Nobelium, which operates from Russia, is the name given to the threat actor behind...

Continue Reading  

APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks (AA21-092A)

In March 2021 it was observed Advanced Persistent Threat (APT) actors scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379, and enumerated devices for CVE-2020-12812 and CVE-2019-5591. It is likely that the APT actors are scanning for these vulnerabilities...

Continue Reading  

VULNERABILITY SUMMARY REPORT OF MAY, 2019

Cybernetic GI Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past weeks. The NVD is sponsored by the Department of Homeland...

Continue Reading  

VULNERABILITY SUMMARY REPORT OF APRIL, 2019

Cybernetic GI Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past weeks. The NVD is sponsored by the Department of Homeland...

Continue Reading