The patch comes as attempts to exploit the zero-day vulnerability began to ramp up worldwide, and was badly needed as there were no other viable remediation techniques to stop remote code execution.
File transfer services play crucial roles in securing business and government operations, but companies must be aware of the inherent risks and adopt mitigations to safeguard against those risks.
New studies from FireEye Mandiant Threat Intelligence and Google’s Project Zero found that 2021 was a record year for zero-day vulnerabilities, more than doubling the amount seen in 2020.
Nation-state attacks on critical infrastructure and cyberespionage, and password attacks from ordinary cybercriminals increased tremendously within a year, according to Microsoft report.
A spyware vendor in Spain has been linked to a zero-day exploitation framework that impacted Windows, as well as the Chrome and Firefox browsers, from 2018 to 2021. Google researchers present markers found in its code including a script that is signed by the company.
Microsoft Exchange zero-day vulnerabilities affect an estimated 250,000 on-premise servers. The company is aware of attacks involving a single state-sponsored group that compromised less than ten organizations.
Many organizations affected by Log4j’s zero-day vulnerability with mass internet scanning detected, suggesting the remote code execution flaw was actively targeted in the wild.
A dozen Norwegian government ministries suffered a cyber attack exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM), the Norwegian National Security Authority (NSM) has disclosed.