Blog - Cyber Security Informer

a-list-of-vulnerable-products-to-the-log4j-vulnerability

Blog

A List of Vulnerable Products to the Log4j Vulnerability

Heimadal Security

DECEMBER 15, 2021

Two days ago, we wrote a post about the Log4j vulnerability that is currently wreaking havoc on the cyberthreat landscape. By exploiting this vulnerability present in software apps and services worldwide, being part of the Apache Logging Service, hackers can perform remote code execution attacks (RCE). […].

Software

Software Cybersecurity

Log4Shell Vulnerability is the Coal in our Stocking for 2021

McAfee

DECEMBER 10, 2021

Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache Log4J logging library. The impact of this vulnerability has the potential to be massive due to its effect on any product which has integrated the log4j library into its applications.

DNS

DNS Architecture Internet Internet

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Nation-State Attackers, Ransomware Groups Take Aim at Apache Log4j Flaw

eSecurity Planet

DECEMBER 15, 2021

Nation-state cyber threat groups and ransomware attackers are moving in to exploit a critical flaw found in the seemingly ubiquitous Apache Log4j open-source logging tool, as attacks spread just days after the vulnerability that could affect hundreds of millions of devices was made public late last week. Expanding Log4j Attacks.

Ransomware

Ransomware Software DNS Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

How to Respond to Apache Log4j using Cisco Secure Analytics

Cisco Security

DECEMBER 17, 2021

IT and Security professionals worldwide are working to assess and mitigate their exposure to Apache Log4j vulnerability (CVE-2021-44228). To learn more about Cisco’s response, hear from experts, and understand how you can use other Cisco Secure product, please visit Cisco Secure Alert on Apache Log4j page. Exploitation.

Cryptocurrency

Cryptocurrency Network Security

Threat Intelligence and Protections Update Log4Shell CVE-2021-44228

McAfee

DECEMBER 22, 2021

Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote system. It is found in a heavily utilized java open-source logging framework known as log4j. CVE-2021-44228 – Apache Releases Log4j Version 2.15.0 Threat Summary.

Malware

Malware Risk Internet Internet

ProxyNotShell Finally Gets Patched by Microsoft

eSecurity Planet

NOVEMBER 10, 2022

Microsoft’s November 2022 Patch Tuesday includes fixes for more than 60 vulnerabilities affecting almost 40 different products, features and roles – including patches for CVE-2022-41040 and CVE-2022-41082 , the ProxyNotShell flaws disclosed last month. Other Threats Patched Too. impacting the JScript9 scripting language.

Phishing

Phishing Malware Cybersecurity Network Security

The Bug Report – December 2021

McAfee

JANUARY 5, 2022

And even better, you found your way to ATR’s monthly security digest where we discuss our favorite vulnerabilities of the last 30 days. It was revealed in early December that a path traversal vulnerability allowed an attacker to access local files due to an improper sanitization of “./././” You’ve made it to 2022! Who cares? .

Software

Software Network Security Authentication Internet

SAP Security Patch Day June 2022: Improper Access Control Can Compromise Your Systems Availability

Security Boulevard

JUNE 14, 2022

Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) lists three well known vulnerabilities affecting almost every SAP customer. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) lists three well known vulnerabilities affecting almost every SAP customer.

Cybersecurity

BotenaGo strikes again – malware source code uploaded to GitHub

CyberSecurity Insiders

JANUARY 26, 2022

In November 2021, AT&T Alien Labs™ first published research on our discovery of new malware written in the open-source programming language Golang. The team named this malware “BotenaGo.” ” (Read previous article here.) In this article, Alien Labs is updating that research with new information. Background.

Malware

Malware IoT Authentication Antivirus

One Year Since Log4Shell: Lessons Learned for the next ‘code red’

Fox IT

DECEMBER 12, 2022

To make matters worse, advisories heavily differed in the early hours of the incident, resulting in conflicting information about which products were affected. To make matters worse, advisories heavily differed in the early hours of the incident, resulting in conflicting information about which products were affected.

Software

Software Internet Internet Ransomware

Log4Shell: Reconnaissance and post exploitation network detection

Fox IT

DECEMBER 12, 2021

Log4Shell) vulnerability publication, NCC Group’s RIFT immediately started investigating the vulnerability in order to improve detection and response capabilities mitigating the threat. In addition, a list of indicators of compromise (IOC’s) are provided. In the wake of the CVE-2021-44228 (a.k.a. Background.

DNS

DNS Cyber threats Internet Internet

Announcing the deps.dev API: critical dependency data for secure supply chains

Google Security

APRIL 11, 2023

The deps.dev data set is continuously updated from a range of sources: package registries, the Open Source Vulnerability database , code hosts such as GitHub and GitLab, and the software artifacts themselves. The API is used by a number of teams internally at Google to support the security of our own products.

Software

Software Risk Engineering Internet

Looking back on the Log4j Weekend

Security Boulevard

DECEMBER 22, 2021

By now you’ve probably already heard of the name “Log4j”. Late November this year, a Chinese researcher named Chen Zhaojun privately disclosed to Log4j maintainers that version 2 of Log4j contains a critical vulnerability that allows unauthenticated remote code execution (RCE) in applications that utilize the library.

Software

Software Firewall Authentication Internet

Black Hat USA 2022 Continued: Innovation in the NOC

Cisco Security

AUGUST 29, 2022

In part one of our Black Hat USA 2022 NOC blog, we discussed building the network with Meraki: Adapt and Overcome. It is a critical balance to ensure everyone has a safe experience, while still being able to learn from real world malware, vulnerabilities, and malicious websites. Building the Hacker Summer Camp network, by Evan Basta.

DNS

DNS Wireless Malware Firewall

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

At each conference, we have a hack-a-thon: to create, prove, test, improve and finally put into production new or improved integrations. The Black Hat Network Operations Center (NOC) provides a high security, high availability network in one of the most demanding environments in the world – the Black Hat event.

Wireless

Wireless DNS Mobile Technology

A List of Vulnerable Products to the Log4j Vulnerability

Log4Shell Vulnerability is the Coal in our Stocking for 2021

Webinars

Trending Sources

Nation-State Attackers, Ransomware Groups Take Aim at Apache Log4j Flaw

Webinars

How to Respond to Apache Log4j using Cisco Secure Analytics

Threat Intelligence and Protections Update Log4Shell CVE-2021-44228

ProxyNotShell Finally Gets Patched by Microsoft

The Bug Report – December 2021

SAP Security Patch Day June 2022: Improper Access Control Can Compromise Your Systems Availability

BotenaGo strikes again – malware source code uploaded to GitHub

One Year Since Log4Shell: Lessons Learned for the next ‘code red’

Log4Shell: Reconnaissance and post exploitation network detection

Announcing the deps.dev API: critical dependency data for secure supply chains

Looking back on the Log4j Weekend

Black Hat USA 2022 Continued: Innovation in the NOC

Black Hat USA 2023 NOC: Network Assurance

Stay Connected