The US government Cybersecurity and Infrastructure Security Agency (CISA) is a great resource for keeping up with the issues with software you may be using. They have highlighted issues with Fortinet and security updates for Cisco: Fortinet Releases March 2023 Vulnerability Advisories | CISA Cisco Releases Security Advisory for IOS …
CISA updates on Apache and two more vulnerabilities added to their database – UPDATED 18 May 2022
The vulnerabilities are for Zyxel firewalls and VMWare Spring Cloud. CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA The Apache issue is with Tomcat: Apache Releases Security Advisory for Tomcat | CISA Researchers, NSA cybersecurity director warn of hackers targeting Zyxel vulnerability – The Record by Recorded Future
CISA among other urge Apache users to get patching
Apache has issued another patch for a vulnerability in Struts 2 framework for Java applications as the one issued in 2020 did not quite work. Apache says 2-year-old Struts bug wasn’t fully fixed • The Register S2-062 – Apache Struts 2 Wiki – Apache Software Foundation
log4j Timeline to date
Here is an interesting follow-up story on SANS Internet Storm Diary looking at the impact of the log4j issues and some of the exploits used. The Rise and Fall of log4shell – SANS Internet Storm Centre
Log4j exploits and behind the scenes with the Apache patching team
Here is an interesting article from the team at Apache dealing with patching the Log4j problem: The Apache Log4j team talks about the Log4Shell patching process – The Record by Recorded Future But the exploits in the wild are still happening: Threat actor target Ubiquiti network appliances using Log4Shell exploits …
Continue reading “Log4j exploits and behind the scenes with the Apache patching team”