All Log4j, logback bugs we know so far and why you MUST ditch 2.15
Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell,' the vulnerability has set the internet on fire. Below we summarize…
Log4j attackers switch to injecting Monero miners via RMI
Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both…
Log4Shell: The Big Picture
A look at why this is such a tricky vulnerability and why the industry response has been good, but not…
Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory
The early lessons from Log4j indicate that key security principles can help better handle these high-risk software supply chain security…
CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog
The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet […] The…
CISA warns critical infrastructure to stay vigilant for ongoing threats
The Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure organizations today to strengthen their cybersecurity defenses against potential and…
Attackers Target Log4J to Drop Ransomware, Web Shells, Backdoors
Amid the increase in Log4J attack activity, at least one Iranian state-backed threat group is preparing to target the vulnerability,…
Microsoft Patch Tuesday, December 2021 Edition
Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security…
New ransomware now being deployed in Log4Shell attacks
The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers.…
How Do I Find My Servers With the Log4j Vulnerability?
This Tech Tip outlines how enterprises can use Canarytokens to find servers in their organization vulnerable to CVE-2021-44228.