Cybersecurity Starts in the Boardroom
The Cyber Safety Review Board is operated by The Department of Homeland Security and in it’s inaugural report the Log4j vulnerability, spread and exploitation is discussed: CSRB Report on Log4j – Public Report – July 11 2022_508 Compliant (cisa.gov) It makes interesting reading. I wonder just how many developers do …
Continue reading “As predicted Log4j is going to be a problem for a long time”
It seems a long time ago that the Log4Shell vulnerability was discovered. A vulnerability that had far reaching consequences as many systems used this framework for their logging functionality. The US Cybersecurity and Infrastructure Security Agency(CISA) with the United States Coast Guard Cyber Command (CGCYBER) has issued an advisory of …
Continue reading “Log4Shell is still an exploited vulnerability”
The US Cybersecurity and Infrastructure Security Agency has added one new vulnerability to it’s Known Exploited Vulnerabilities Catalog and issued three advisories: CISA Adds One Known Exploited Vulnerability (CVE-2022-26134) to Catalog | CISA CISA Updates Advisory on Threat Actors Chaining Unpatched VMware Vulnerabilities | CISA CISA Releases Security Advisory on …
Continue reading “CISA adds one known vulnerability to it’s database and other advisories”
The EnemyBot malware had added VMware and F5 critical flaws to it’s attack vectors: EnemyBot malware adds enterprise flaws to exploit arsenal • The Register The worse thing about this malware, (other than if it infects your systems), is that the “unarmed” code is available on Github.
A new malware strain known as Cheerscrypt or Cheers, is targeting a VMware enterprise virtualisation tool – VMware ESXi systems. Ransomware Cheerscrypt targets VMware ESXi systems • The Register
