It is a while since the Log4j issue made the tech news – but recent research has shown that many apps that rely on this module are still using a version vulnerable to attack. Over 30% of Log4J apps use a vulnerable version of the library – BleepingComputer Your takeaway …
Log4shell – the vulnerability that is inside many software packages – just ask VMware – is here to stay
The SolarWinds attack, where the threat actors got inside SolarWinds’ systems and added their malicious code to a legitimate software update, so having SolarWinds distribute this malware to many of its high and low profile customers around the world, seems a long time ago now. But at least in this …
Ransomware, the how and where and what your first step is in defending against it…
Here are a couple of stories showing that ransomware hits large and small organisations: Luxembourg energy companies struggling with alleged ransomware attack, data breach – The Record by Recorded Future At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint – The Record by Recorded Future The Bromford …
A combination attack that exploits the Log4j vulnerability and VMware to deliver ransomware
I have published a lot on the log4j and log4shell exploits and vulnerability. CISA issued a special warning about the long term impact of the issue: CISA advisory for continued exploitation of Log4Shell in VMware Horizon Systems – Smart Thinking Solutions Here is another real world example of the exploitation …
CISA Log4Shell examination
The US Government Cybersecurity and Infrastructure Security Agency has published a report examining the malware that infected an organisation with unpatched Log4Shell vulnerability in a VMware Horizon server. CISA Releases Log4Shell-Related MAR | CISA
CISA advisory for continued exploitation of Log4Shell in VMware Horizon Systems
The Log4j and Log4Shell vulnerability and exploits are being actively used by threat actors. CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems | CISA As predicted Log4j is going to be a problem for a long time – Smart Thinking Solutions
As predicted Log4j is going to be a problem for a long time
The Cyber Safety Review Board is operated by The Department of Homeland Security and in it’s inaugural report the Log4j vulnerability, spread and exploitation is discussed: CSRB Report on Log4j – Public Report – July 11 2022_508 Compliant (cisa.gov) It makes interesting reading. I wonder just how many developers do …
Continue reading “As predicted Log4j is going to be a problem for a long time”