As predicted Log4j is going to be a problem for a long time

The Cyber Safety Review Board is operated by The Department of Homeland Security and in it’s inaugural report the Log4j vulnerability, spread and exploitation is discussed: CSRB Report on Log4j – Public Report – July 11 2022_508 Compliant (cisa.gov) It makes interesting reading. I wonder just how many developers do …

CISA adds one known vulnerability to it’s database and other advisories

The US Cybersecurity and Infrastructure Security Agency has added one new vulnerability to it’s Known Exploited Vulnerabilities Catalog and issued three advisories: CISA Adds One Known Exploited Vulnerability (CVE-2022-26134) to Catalog   | CISA CISA Updates Advisory on Threat Actors Chaining Unpatched VMware Vulnerabilities | CISA CISA Releases Security Advisory on …

Another botnet expanding it’s malicious capabilities

The EnemyBot malware had added VMware and F5 critical flaws to it’s attack vectors: EnemyBot malware adds enterprise flaws to exploit arsenal • The Register The worse thing about this malware, (other than if it infects your systems), is that the “unarmed” code is available on Github.

Ransomware targets VMware

A new malware strain known as Cheerscrypt or Cheers, is targeting a VMware enterprise virtualisation tool – VMware ESXi systems. Ransomware Cheerscrypt targets VMware ESXi systems • The Register