Log4j attackers switch to injecting Monero miners via RMI
Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both…
Facebook disrupts operations of seven surveillance-for-hire firms
Facebook has disrupted the operations of seven different spyware-making companies, blocking their Internet infrastructure, sending cease and desist letters, and…
Log4Shell: The Big Picture
A look at why this is such a tricky vulnerability and why the industry response has been good, but not…
Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft
Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.
Dept. of Homeland Security Launches ‘Hack DHS’ Program
A new bug bounty program aims to find potential security flaws within certain DHS systems and strengthen the department's security…
Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory
The early lessons from Log4j indicate that key security principles can help better handle these high-risk software supply chain security…
CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog
The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet […] The…
CISA warns critical infrastructure to stay vigilant for ongoing threats
The Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure organizations today to strengthen their cybersecurity defenses against potential and…
Attackers Target Log4J to Drop Ransomware, Web Shells, Backdoors
Amid the increase in Log4J attack activity, at least one Iranian state-backed threat group is preparing to target the vulnerability,…
Microsoft Patch Tuesday, December 2021 Edition
Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security…