The US Government Cybersecurity and Infrastructure Security Agency has published a report examining the malware that infected an organisation with unpatched Log4Shell vulnerability in a VMware Horizon server. CISA Releases Log4Shell-Related MAR | CISA
Commercialised cyberweapons
For when you have time, here are two articles from Microsoft looking at cyberweapons: Continuing the fight against private sector cyberweapons – Microsoft On the Issues Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits – Microsoft Security Blog The view from the US Government Pegasus spyware: Just ‘tip of …
As predicted Log4j is going to be a problem for a long time
The Cyber Safety Review Board is operated by The Department of Homeland Security and in it’s inaugural report the Log4j vulnerability, spread and exploitation is discussed: CSRB Report on Log4j – Public Report – July 11 2022_508 Compliant (cisa.gov) It makes interesting reading. I wonder just how many developers do …
Continue reading “As predicted Log4j is going to be a problem for a long time”
The story of Pegasus spyware continues UPDATED 12 July 2022
This post was first published on 15 June 2022 Update 12 July 2022 President Bidens’ administration’s decision to blacklist the NSO Group is proving to be a problem for L3Harris, a US defence contractor that wants to buy the Pegasus spyware part of the business: L3Harris in move to buy …
Continue reading “The story of Pegasus spyware continues UPDATED 12 July 2022”
Bug bounties being offered by the Pentagon
Bug bounties are a useful way for vendors – and now government departments – to engage with honest, white hat, cyber security experts, to test systems for flaws. DoD issues call for hackers to dig into networks – The Record by Recorded Future
