What’s behind the record‑high number of zero days?
Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity. Zero-day vulnerabilities have always had something of a special reputation in the cybersecurity space. These software bugs are exploited for attacks before the flaw is known to the software vendor and so before a …
ESET Research discovers vulnerabilities in Lenovo consumer laptops exposing users to risk of UEFI malware installation
Exploitation of these vulnerabilities would allow attackers to deploy and successfully execute UEFI malware such as LoJax and ESPecter. UEFI threats can be extremely stealthy and dangerous. Discovered vulnerabilities: CVE-2021-3970, CVE-2021-3971, CVE-2021-3972. ESET Research strongly advises all owners of Lenovo consumer laptops to go through the list of affected devices and update their firmware. …
Log4Shell: ESET blocks hundreds of thousands of attack attempts
ESET has detected hundreds of thousands of attack attempts globally that track to the critical Log4Shell vulnerability. Most attack attempts are located in the United States, the United Kingdom, and the Netherlands, yet nearly 180 countries and territories are under fire largely due to the global prevalence of the Log4j software library in systems around …
What every business leader needs to know about Log4Shell
Hundreds of thousands of attempts to exploit the vulnerability are under way. In many cases, updating IT systems and patching security vulnerabilities is a quiet matter that business leaders may be little concerned with other than knowing that they have approved a budget for the IT team to get it done. That quiet approach is …
Log4Shell vulnerability: What we know so far
The critical flaw in the ubiquitous Log4j utility has sent shockwaves far beyond the security industry – here’s what we know so far. Just as the holiday season is approaching our doorstep, a critical vulnerability in an Apache code library called Log4j 2 has come knocking at the door. Log4j is an open-source Java-based logging library that …