Many organizations affected by Log4j’s zero-day vulnerability with mass internet scanning detected, suggesting the remote code execution flaw was actively targeted in the wild.
New studies from FireEye Mandiant Threat Intelligence and Google’s Project Zero found that 2021 was a record year for zero-day vulnerabilities, more than doubling the amount seen in 2020.
The patch comes as attempts to exploit the zero-day vulnerability began to ramp up worldwide, and was badly needed as there were no other viable remediation techniques to stop remote code execution.
Microsoft Exchange zero-day vulnerabilities affect an estimated 250,000 on-premise servers. The company is aware of attacks involving a single state-sponsored group that compromised less than ten organizations.
Nation-state attacks on critical infrastructure and cyberespionage, and password attacks from ordinary cybercriminals increased tremendously within a year, according to Microsoft report.
A spyware vendor in Spain has been linked to a zero-day exploitation framework that impacted Windows, as well as the Chrome and Firefox browsers, from 2018 to 2021. Google researchers present markers found in its code including a script that is signed by the company.
File transfer services play crucial roles in securing business and government operations, but companies must be aware of the inherent risks and adopt mitigations to safeguard against those risks.
A dozen Norwegian government ministries suffered a cyber attack exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM), the Norwegian National Security Authority (NSM) has disclosed.