Apache Log4j (CVE-2021-44228)
New Cyber Safety Review Board Will Tackle Log4j Debacle First
DHS has launched the long-awaited Cyber Safety Review Board (CSRB) to assess major cybersecurity incidents and make recommendations for improvements. After a year in the making, the CSRB is first setting its ...
IAB Prophet Spider Seizes Opportunity to Exploit Log4j Vulnerability
Attacks by the initial access broker (IAB) group Prophet Spider were found to correlate with exploitation of the recently discovered Log4j vulnerability in VMware Horizon—and a number of indicators of compromise could ...
SEC, FTC Issue Warning on Log4j Vulnerabilities
The U.S. Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC) are sending warnings to companies that don’t address the risk from the Log4j vulnerabilities. The FTC in particular has ...
Log4J/Log4Shells Exploit Analysis (CVE-2021-44228)
As a follow up to our other blog post related to CVE-2021-44228, the Remote Code Execution (RCE) vulnerability affecting Apache Log4j, we wanted to go into analysis of a log4shells attack. Who ...
Log4Shell – The API Security Challenge
Last week’s Log4Shell vulnerability is a dramatic example of how modern applications, interconnected services and pervasive APIs can create substantial security challenges. As a security researcher who has spent years looking at ...
Ransomware Actors Attack Most Often on Fridays
Criminals are detonating ransomware at targeted organizations seven days a week, leaving enterprises with essentially no time to shore up their security operations. But a recent study revealed that Friday was the ...
