Category: Vulnerability

Log4j Vulnerabilities

Towards the end of November, a researcher from Alibaba discovered a fault (CVE-2021-44228) in a well-known open-source logging library called Log4j. The researcher responsibly disclosed his finding to the Apache Software Foundation, which maintains Log4j. An additional vulnerability (CVE-2021-45105) was also discovered in a patch released to fix the initial vulnerability. This was then followed with yet another

Hafnium

Microsoft has released an out-of-band security update for a number of serious, actively used exploits against Microsoft Exchange. They named it Hafnium. The following versions of Exchange Server are affected: Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019. Is this attack connected to the SolarWinds attack? Microsoft has said that it has seen “no

Zoom Has Active Vulnerability

Zoom has an actively exploited vulnerability. Zoom is a “remote conferencing services company headquartered in San Jose, California. It provides a remote conferencing service that combines video conferencing, online meetings, chat, and mobile collaboration”. The problem starts when you chat with other meeting attendees, and in particular when you send them a link. If the

Travelex goes offline as it suffers ransomware attack, criminals were demanding $3m

Just before the turn of the year, Travelex, the foreign currency exchange service, suspended their online services and took their systems offline after “a software virus was discovered”. They put out the following notice, which is still displayed on their web site 8 days later. A similar notice is shown on their Twitter account. The

Capital One

Yes, there has been yet another huge data breach. This time it is Capital One, which according to Wikipedia “is a bank holding company specializing in credit cards, auto loans, banking and savings accounts headquartered in McLean, Virginia.” According to their statement posted on their website, the person in question has been arrested. Rich Mogull