Collaborate Disseminate
Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December. Continue reading Microsoft Sees Rampant Log4j Exploit Attempts, Testing
Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites. Continue reading Purple Fox Rootkit Dropped by Malicious Telegram Installers
The year wasn’t ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles. Continue reading 2021 Wants Another Chance (A Lighter-Side Year in Review)
Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects. Continue reading Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.
Continue reading Two Active Directory Bugs Lead to Easy Windows Domain Takeover
Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.
Continue reading Conti Ransomware Gang Has Full Log4Shell Attack Chain
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. Continue reading Third Log4J Bug Can Trigger DoS; Apache Issues Patch
Meta, Facebook’s parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets’ phones. Continue reading Facebook Bans Spy-for-Hire Firms for Targeting 50K People
It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.
Continue reading ‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems
SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.
Continue reading SAP Kicks Log4Shell Vulnerability Out of 20 Apps