It is a while since the Log4j issue made the tech news – but recent research has shown that many apps that rely on this module are still using a version vulnerable to attack. Over 30% of Log4J apps use a vulnerable version of the library – BleepingComputer Your takeaway …
Log4shell – the vulnerability that is inside many software packages – just ask VMware – is here to stay
The SolarWinds attack, where the threat actors got inside SolarWinds’ systems and added their malicious code to a legitimate software update, so having SolarWinds distribute this malware to many of its high and low profile customers around the world, seems a long time ago now. But at least in this …
Ransomware, the how and where and what your first step is in defending against it…
Here are a couple of stories showing that ransomware hits large and small organisations: Luxembourg energy companies struggling with alleged ransomware attack, data breach – The Record by Recorded Future At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint – The Record by Recorded Future The Bromford …
A combination attack that exploits the Log4j vulnerability and VMware to deliver ransomware
I have published a lot on the log4j and log4shell exploits and vulnerability. CISA issued a special warning about the long term impact of the issue: CISA advisory for continued exploitation of Log4Shell in VMware Horizon Systems – Smart Thinking Solutions Here is another real world example of the exploitation …
CISA Log4Shell examination
The US Government Cybersecurity and Infrastructure Security Agency has published a report examining the malware that infected an organisation with unpatched Log4Shell vulnerability in a VMware Horizon server. CISA Releases Log4Shell-Related MAR | CISA