Adobe released a new security update for ColdFusion 2023 and 2021 last week. This most recent update is described as a proactive security hardening that will “offer a more complete resolution to some of the vulnerabilities addressed in the 3 CF security updates last month.” So while this update is not directly linked to a security bulletin, […]
Read More →Last week, Lucee released new stable versions to address multiple security vulnerabilities affecting all previous software versions. The Lucee team advises updating to the latest stable release, version 5.4.3.2, immediately. If you’re running an older version of Lucee, the following versions have backported stable releases: • 5.3.9.173 • 5.3.8.237 • 5.3.7.59 The Lucee […]
Read More →If you haven’t updated Adobe ColdFusion in the last month, now is a good time to consider updating to the latest version. In July, Adobe released three security patches that are all rated Critical, Priority 1. This carries Adobe’s highest severity rating for vulnerabilities, along with its highest priority patching recommendation that administrators update as […]
Read More →TLDR: Verify that you’re running a secure Linux kernel version. Vulnerability Name: CVE-2022-0847 or “Dirty Pipe” What does it do? This flaw in the Linux Kernel can be easily exploited, giving a local user the ability to overwrite data in read-only files. What operating systems/software versions are affected? Linux Kernel 5.8 and later versions are affected, but it’s […]
Read More →The log4j exploit that came out today affects many Java applications and other apps that use this logging package. It is important that you check to see if any of your applications use log4j, and if they are a version that you should work on patching. Some examples of software that might use and need […]
Read More →TL;DR: If you’re using the plugin, Starter Templates on your WordPress site, make sure you’re using version 2.7.5 or higher. Vulnerability in the Starter Templates Plugin Last month, Wordfence disclosed a vulnerability in the plugin, Starter Templates allowing contributor-level WordPress users the capability of overwriting any page on the website. This vulnerability has been given […]
Read More →Last updated: June 4, 2024 2024 has been a good year so far for cybercriminals. The list of hospitals, schools, businesses, and city governments that have experienced significant data losses and financial damages due to ransomware is still growing. “Software vulnerabilities” has consistently remained one of the top three techniques used to infect systems with […]
Read More →