Collaborate Disseminate
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from enterprise defenders as diverse vulnerable applications are being targeted in at… Continue reading Log4Shell exploitation: Which applications may be targeted next?
We don’t know what we don’t know; this is the quintessential problem plaguing security teams and the primary reason that zero-day exploits can cause such damage. They’re a threat actor’s dream, creating the perfect storm of downtime and pan… Continue reading The not so scary truth about zero-day exploits
The anatomy of Log4Shell By now, we are all familiar with the fact that Log4Shell is just about as critical as a critical vulnerability can get – scoring a 10 out of 10 on the National Institute of Standards and Technology’s CVSS severity scale. As it … Continue reading Qualys platform study: Log4Shell, the menace continues
The recently identified vulnerability in the Log4j Java logging package has created headaches for security professionals around the world. 61% of organizations responding to the latest Neustar International Security Council (NISC) survey, conducted in … Continue reading Security leaders want legal action for failing to patch for Log4j
Fortinet’s threat intelligence from the second half of 2021 reveals an increase in the automation and speed of attacks demonstrating more advanced persistent cybercrime strategies that are more destructive and unpredictable. In addition, the expa… Continue reading Cybercrime getting more destructive, remote workers in the crosshairs
(ISC)² published the results of an online poll examining the Log4j vulnerability and the human impact of the efforts to remediate it. Cybersecurity professionals from around the globe shared their experiences and opinions, revealing the severity and lo… Continue reading How Log4Shell remediation interfered with organizations’ cybersecurity readiness
Google Cloud is seeing 400,000 scans per day for systems vulnerable to the Log4Shell bug, the company said Tuesday. The findings — released as part of the company’s semi-regular Threat Horizons report — show that IT security professionals need to “keep paying attention to this, because the scans keep coming, and if you leave one vulnerable instance open, you’re going to be found,” Phil Venables, the chief information security officer at Google Cloud, told CyberScoop. That said, the companies interacting with Google Cloud have “been very much on top of this,” according to Venables. The warning comes as a reminder, however, to security professionals to keep doing the work of finding the devices and software vulnerable to the Log4Shell bug, which affects versions of the widely used Log4j logging software that haven’t been patched since early December. Shane Huntley, the head of Google’s Threat Analysis Group, said that the daily […]
The post Google Cloud offers good news and bad news on Log4Shell, other issues appeared first on CyberScoop.
Continue reading Google Cloud offers good news and bad news on Log4Shell, other issues
Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and take stock of how things played out. What strategies worked in the face of one… Continue reading Log4Shell: A retrospective
Unknown attackers have been exploiting a 0-day attack against the Zimbra e-mail suite. Researchers at Volexity first discovered the attack back in December of last year, detected by their monitoring …read more Continue reading This Week in Security: Zimbra, Lockbit 2, And Hacking NK
When the Log4Shell vulnerability (CVE-2021-44228) was publicly revealed in December 2021, CISA Director Jen Easterly said that it is the “most serious” vulnerability she has seen in her decades-long career and it could take years to address. It’s… Continue reading Log4j exploitation risk is not as high as first thought, cyber MGA says