Preemptive Strategies to Stop Log4j and Its Variants
Zero trust is key to not falling victim to the next big vulnerability.
Threat actors steal $80 million per month with fake giveaways, surveys
Scammers are estimated to have made $80 million per month by impersonating popular brands asking people to participate in fake…
Microsoft warns of easy Windows domain takeover via Active Directory bugs
Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers…
Meta sues people behind Facebook and Instagram phishing
Meta (formerly known as Facebook) has filed a federal lawsuit in California court to disrupt phishing attacks targeting Facebook, Messenger, Instagram,…
FBI: State hackers exploiting new Zoho zero-day since October
The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking…
Conti ransomware gang exploits Log4Shell bug in its operations
The Conti ransomware gang is the first ransomware operation exploiting the Log4Shell vulnerability to target VMware vCenter Servers. Conti ransomware […] The…
Log4j vulnerability now used to install Dridex banking malware
Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking…
Phishing attacks impersonate Pfizer in fake requests for quotation
Threat actors are conducting a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims. [...]
Upgraded to log4j 2.16? Surprise, there’s a 2.17 fixing DoS
Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last…
The Week in Ransomware – December 17th 2021 – Enter Log4j
A critical Apache Log4j vulnerability took the world by storm this week, and now it is being used by threat…