A combination attack that exploits the Log4j vulnerability and VMware to deliver ransomware

I have published a lot on the log4j and log4shell exploits and vulnerability. CISA issued a special warning about the long term impact of the issue: CISA advisory for continued exploitation of Log4Shell in VMware Horizon Systems – Smart Thinking Solutions Here is another real world example of the exploitation …

Cybersecurity and Infrastructure Security Agency exploited vulnerability advisory. How this type of mistake can impact your cyber security and steps to protect yourself.

code

The US Cybersecurity and Infrastructure Security Agency has added a new vulnerabilities to it’s Known Exploited Vulnerabilities Catalog. CISA Adds One Known Exploited Vulnerability to Catalog | CISA This is an interesting issue, as credentials had been hard coded into the application: “Atlassian Questions For Confluence App has hard-coded credentials, …

CISA Log4Shell examination

The US Government Cybersecurity and Infrastructure Security Agency has published a report examining the malware that infected an organisation with unpatched Log4Shell vulnerability in a VMware Horizon server. CISA Releases Log4Shell-Related MAR | CISA

Advice from the National Cyber Security Centre and the UK Government – actions to take when the cybersecurity risk is high (Russia Ukraine Conflict) – UPDATED 2 May 2023

cyber security logo

This post was originally made on 2 March 2022. It will be updated as the Russian Ukraine Conflict develops and will highlight the cyber security issues facing organisations and individuals at this time. The National Cyber Security Centre (NCSC) is advising all UK organisations to review and improve their cyber …