Log4j

Critical zero-day bug, first since Heartbleed, identified in OpenSSL

Threats and Risks

Critical zero-day bug, first since Heartbleed, identified in OpenSSL

New version to be released 1st November. Organisations should act now to track down OpenSSL 3.0.x in their infrastructure, warns Sonatype

clock 27 October 2022 • 2 min read
After Log4J US lawmakers rush to secure open source software

Open Source

After Log4J US lawmakers rush to secure open source software

The bipartisan Securing Open Source Software Act is a positive development for open source software everywhere

clock 10 October 2022 • 5 min read
The top six exploits and how zero trust can mitigate them

Threats and Risks

The top six exploits and how zero trust can mitigate them

ThreatLocker VP operations explains how stopping illegal conversations between software programs could have prevented exploitation of the major vulnerabilities of the past two years

clock 05 October 2022 • 4 min read
China-backed APT41 compromised US state networks, security firm says

Hacking

China-backed APT41 compromised US state networks, security firm says

Hackers exploited vulnerabilities in internet-facing web applications to infect systems

clock 10 March 2022 • 3 min read
Iranian hackers actively exploiting Log4j vulnerability to compromise VMware Horizon servers

Threats and Risks

Iranian hackers actively exploiting Log4j vulnerability to compromise VMware Horizon servers

After successfully exploiting the bug, they can run malicious PowerShell commands, install backdoors, and steal credentials from infected machines

clock 18 February 2022 • 3 min read
Admins urged to patch SolarWinds Serv-U bug against Log4j attacks

Threats and Risks

Admins urged to patch SolarWinds Serv-U bug against Log4j attacks

Hackers are actively exploiting the bug in the wild, according to Microsoft

clock 21 January 2022 • 3 min read
Fixing Log4Shell: how a university patched all its endpoints over a weekend

Threats and Risks

Fixing Log4Shell: how a university patched all its endpoints over a weekend

It's all about knowing what you have, how the software is interconnected and then getting boots on the ground, says SNHU's endpoint team

clock 13 January 2022 • 4 min read
How to protect your website from Log4j

Security

How to protect your website from Log4j

Follow these six rules to insure yourself against becoming the low-hanging fruit

clock 11 January 2022 • 15 min read
Critical H2 database vulnerability similar to Log4Shell disclosed

Threats and Risks

Critical H2 database vulnerability similar to Log4Shell disclosed

All H2 users should upgrade to the newest version 2.0.206 which is patched for the flaw

clock 11 January 2022 • 3 min read
NHS cyber team sounds the alarm over Log4Shell attacks on VMware software

Threats and Risks

NHS cyber team sounds the alarm over Log4Shell attacks on VMware software

Threat actors can use a two-stage attack to establish a presence on affected networks

clock 10 January 2022 • 2 min read