@barray on Fri Dec 10 16:44:06 UTC 2021 said: Ouch, the #serious #java #log #bug #rce in log4j is being actively #exploited - perhaps as early as March: https://www.rapid7.com/blog/post/2021/12.. Many #servers are being actively #attacked and #hacked right now. All from using a #logging #library !
Man, quite a #serious #java #log #bug #rce found in log4j: https://www.lunasec.io/docs/blog/log4j-z.. This has *massive* ramifications against tonnes of existing #software , including even #minecraft #servers !
Interesting #youtube #video #bug - although it's not entirely clear how it could be #exploited https://realkeyboardwarrior.github.io/se.. I guess it could be used in some kind of #ddos as it massively #multiplies the #effort their end has to do, but pretty easy for them to #patch ...
#apple has now delayed the #csam rollout after pressure from around the world: https://www.macrumors.com/2021/09/03/app.. Still, it is only delayed, not cancelled. Apple can officially not be trusted, this backdoor into your #device *will* be #exploited ... I understand their intentions are good, but even the best of intentions can lead to the worst of #consequences - just look at #communism !
Looks like #atlassian #confluence #cve 2021-26084 is being #exploited in the wild: https://twitter.com/CNMF_CyberAlert/stat.. What a crap chute.
Ouch, that seems like something that can be #exploited pretty easily to get #root https://rachelbythebay.com/w/2021/08/17/.. The joke is, I've seen it a tonne. Hell, some of my stuff is probably #vulnerable to such attacks...