Monthly Security Digest for December
Every month, we are covering the major security events for our clients. Please find an exclusive selection below.
Microsoft Warns Users to Patch Active Directory Bugs
Microsoft is urging customers to patch two actively exploited vulnerabilities in the Active Directory domain. The vulnerabilities tracked as CVE-2021-42278 and CVE-2021-42287 have a severity rating of 7.5 out of a maximum of 10 and were patched in November Patch Tuesday updates. […]
Zoho ManageEngine Zero-Day Under Active Exploits
Attackers were actively exploiting a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence according to the alert issued from the FBI. The vulnerability tracked as CVE-2021-44515 is an authentication-bypass vulnerability in ManageEngine Desktop Central that can allow an attacker to execute arbitrary code in the Desktop Central server. […]
35,000 Java Packages Affected by Log4j flaw
Security researchers at the Google Open Source Team have discovered more than 35,000 Java packages in the Maven Central repository that are impacted by flaws in the Apache Log4j library. The researchers had performed a scan on the Maven Central Java package repository and found that 35,863 packages were vulnerable to Log4Shell exploit and to the CVE-2021-45046 RCE. 13% of the vulnerable packages have been fixed since the vulnerability has been disclosed.