Log4Shell is the name given to a critical zero-day vulnerability that surfaced on Thursday when it was exploited in the wild in remote-code compromises against Minecraft servers. The source of the vulnerability was Log4J, a logging utility used by thousands if not millions of apps, including those used inside just about every enterprise on the planet. The Minecraft servers were the proverbial canary in the coal mine. In the four days since, it's clear Log4Shell is every bit as grave a threat as I claimed. READ MORE...
Researchers from cybersecurity firm Cybereason have released a "vaccine" that can be used to remotely mitigate the critical 'Log4Shell' Apache Log4j code execution vulnerability running rampant through the Internet. Apache Log4j is a Java-based logging platform that can be used to analyze web server access logs or application logs. The software is heavily used in the enterprise, eCommerce platforms, and games, such as Minecraft, which rushed out a patched version earlier today. READ MORE...
Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers. "Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party," the company disclosed today. "Investigations so far confirm that a limited amount of the company's R&D property has been stolen during the intrusion. Volvo Cars has earlier today concluded, that there may be an impact on the company's operation." READ MORE...
Ireland's Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy's damning report has revealed. Issued today, the report from PWC (formerly known as PriceWaterhouseCoopers) said that the hugely harmful Conti ransomware infection was caused because of the simplest attack vector known to infosec: spam. READ MORE...
Telehealth platform Doxy.me is fixing an issue that allowed three third-party firms to access the names of some patients' providers, the company told CyberScoop after it notified the company of the problem. The company, which self-reports as holding 30% of the growing U.S. telemedicine market and is currently used by over 1 million providers worldwide, appeared to also be sharing IP addresses and unique device identification numbers with Google, Facebook and the marketing software company HubSpot. READ MORE...
As QBot campaigns increase in size and frequency, researchers are looking into ways to break the trojan's distribution chain and tackle the threat. Over the past few years, Qbot (Qakbot or QuakBot) has grown into widely spread Windows malware that allows threat actors to steal bank credentials and Windows domain credentials, spread to other computers, and provide remote access to ransomware gangs. READ MORE...
A newly discovered variant of the Mirai-based Manga botnet is targeting a vulnerability in TP-Link routers that was addressed last month. Tracked as CVE-2021-41653, the bug affects the TL-WR840N EU v5 home wireless router devices running firmware iterations up to version TL-WR840N(EU)_V5_171211. TP-Link released an update that patches the flaw on November 12, the same day the flaw was made public. READ MORE...
In this article, we explain the Apache Log4Shell vulnerability in plain English, and give you some simple educational code that you can use safely and easily at home (or even directly on your own servers) in order to learn more. Just to be clear up front: we're not going to show you how to build a working exploit, or how to set up the services you need in the cloud to deliver active payloads. READ MORE...