Other cyber security stories have really overtaken the log4j/log4shell issue, but it is still out there and sometimes, because developers are so dependent on the framework, patches lead to more issues. Here is an example where even the biggest organisations have problems: Amazon Web Services Log4j patches blew holes in …
The blockchain is not the end of the security process – UPDATED
This post was originally made on 30 March 2022 web3 (with a lowercase “w” of course) and its use of blockchain for better cybersecurity seems like a good idea. However here is another “profitable” cyber-attack on the technology – exploiting the processes to get into the secure systems. Ethereum sidechain …
Continue reading “The blockchain is not the end of the security process – UPDATED”
Be very careful when you log-in online – things may not be what they seem
This browser-in-the-browser (BitB) is a technique for deceiving the user into thinking they are using a legitimate online login screen, such as when you log in to Microsoft 365 or Google Workspace. This browser-in-the-browser attack is perfect for phishing • The Register Behold, a password phishing site that can trick …
Continue reading “Be very careful when you log-in online – things may not be what they seem”
Amplification of DDoS attacks – bad news day
With the current conflict between Russia and Ukraine taking up bandwidth on the internet this new technique for exponentially expanding the effectiveness of a distributed denial of service attack against website is not good news. New method that amplifies DDoSes by 4 billion-fold. What could go wrong? | Ars Technica …
Continue reading “Amplification of DDoS attacks – bad news day”
Dirty Pipe – the next in what is becoming a procession of Linux vulnerabilities and this one is bad
This is a high-severity vulnerability in the Linux kernel that could allow untrusted users root access. Linux has been bitten by its most high-severity vulnerability in years | Ars Technica Linux distributions patch kernel privilege escalation flaw • The Register Dirty Pipe has been listed among the most serious Linux threats …