The Log4j and Log4Shell vulnerability and exploits are being actively used by threat actors. CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems | CISA
As predicted Log4j is going to be a problem for a long time – Smart Thinking Solutions
As predicted Log4j is going to be a problem for a long time
The Cyber Safety Review Board is operated by the Department of Homeland Security, and its inaugural report discusses the Log4j vulnerability, its spread and its exploitation: CSRB Report on Log4j – Public Report – July 11 2022_508 Compliant (cisa.gov). It makes interesting reading. I wonder just how many developers do …
Log4Shell is still an exploited vulnerability
It seems a long time ago that the Log4Shell vulnerability was discovered. The vulnerability had far-reaching consequences, as many systems used this framework for their logging functionality. The US Cybersecurity and Infrastructure Security Agency (CISA) with the United States Coast Guard Cyber Command (CGCYBER) has issued an advisory of …
Our trust in public code – UPDATED 24 May 2022
The original post was made on 12 May 2022. Update 24 May 2022: Python is a popular coding language and many code libraries exist to make the programmer’s life a little easier. But, as indicated in the articles below, if that open source code becomes popular, then it also becomes …
Joint advisory on the top exploits
The UK’s National Cyber Security Centre, with its partners in the Five Eyes, has issued an advisory on the top exploited software vulnerabilities in 2021, meaning they could continue being the top exploits in 2022. 2021 Top Routinely Exploited Vulnerabilities | CISA Microsoft Exchange server, VMware, SonicWall and Log4j …