How to fix CVE-2022-32893 and CVE-2022-32894 in Apple

Over the weekend, the security industry faced two critical zero-days for Apple products. Both CVE-2022-32893 and CVE-2022-32894 could potentially lead to remote code execution on Apple devices and should be urgently addressed. Let’s explore what we know so far, and the steps you should follow to mitigate the risk. What are CVE-2022-32893 and CVE-2022-32894? The…

CVE-2022-26136 and CVE-2022-26137 – fixing the Atlassian vulnerabilities

Atlassian makes the headlines again. After the disclosure of Confluence’s remote code execution vulnerability (CVE-2022-26134), Atlassian has released multiple security advisories for critical vulnerabilities. Together with the CVE-2022-26138 announcement, an advisory for two vulnerabilities – CVE-2022-26136 and CVE-2022-26137 – was also released. While CVE-2022-26134 and CVE-2022-26138 affect only the Confluence app, these new CVEs affect multiple…

Linux vulnerability trends (July 2022)

At Vulcan Cyber, we spend a lot of time researching vulnerabilities and making the community aware of them, especially through Vulcan Remedy Cloud, our popular free resource where we share expert-curated vulnerability solutions. This makes us very aware of emerging trends and what direction the threat environment seems to be moving in. Overall, the most…

Apple vulnerability trends for 2022

Many IT pros hold the mistaken belief that macOS is safer than either Windows or Linux. But Apple vulnerability trends show otherwise. It’s easy to see why Windows and Linux are the most frequently targeted by cyber criminals. With 74.79% market share, Windows is nearly ubiquitous; almost every organization is running some Windows systems. Linux…

From rumors to PoC: how to easily win CVE-2022-22954

Sequence of events: It began on March 23, when our research team first started investigating the mysterious report of an emerging remote code execution (RCE) vulnerability in a VMware product, without much initial information to go by. This tweet left us intrigued: the report did not reveal the potentially vulnerable component, but did approve…

How to fix CVE-2022-1096

A new zero-day vulnerability – this time targeting all Chromium-based browsers – has emerged recently, with Google issuing an emergency update to affected users. CVE-2022-1096 was acknowledged by Google on March 25th, but the company did not provide extensive details about the vulnerability. Here’s everything you need to know. What is the CVE-2022-1096 vulnerability? After…

What happens when bug bounties don’t work?

Microsoft recently slashed payments through its bug bounty programs — and some of the ethical hackers they’ve been paying to find vulnerabilities might not be so ethical after all. Bug bounties give researchers an incentive to report vulnerabilities directly to software vendors. That way, vendors can release patches and ensure that customer data is secure.…

CVE-2022-21907 – what you need to know

We’re just a few weeks into 2022, and we already have a new critical vulnerability to face. On the first Patch Tuesday of the year, Microsoft released the CVE-2022-21907 security update. Without much explanation from the vendor (“HTTP Protocol Stack Remote Code Execution Vulnerability”), the vulnerability was scored with a 9.8 critical CVSS score and…

Log4shell Mitigation Actions | How to fix CVE-2021-44228 in Production Environments

Note on CVE-2021-44228 and CVE-2021-45046: On December 14, 2021, the Apache Foundation released a new advisory for patching the new CVE-2021-45046. This security advisory instructs Log4j users to update their library versions to either 2.16.0 or 2.12.2 (depending on the Java version). Fortunately, the solutions described below address both CVE-2021-44228 and CVE-2021-45046, without the need to…