Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities
By: Ravie Lakshmanan
Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy...
Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution
By: Ravie Lakshmanan
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform...
New BLISTER Malware Using Code Signing Certificates to Evade Detection
By: Ravie Lakshmanan
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the...
Experts Discover Backdoor Deployed on the U.S. Federal Agency’s Network
By: Ravie Lakshmanan
A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as...
CISA Compliance for 2022
By: The Hacker News
The last several years have seen an ever-increasing number of cyber-attacks, and while the frequency of such attacks has increased, so too has the resulting damage....
Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability
By: Ravie Lakshmanan
The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the...
New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021
By: Ravie Lakshmanan
Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManyscrypt that has infected roughly...
Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials
By: Ravie Lakshmanan
Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal...
How Extended Security Posture Management Optimizes Your Security Stack
By: The Hacker News
As a CISO, one of the most challenging questions to answer is "How well are we protected right now?" Between the acceleration of hackers' offensive capabilities...
Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack
By: Ravie Lakshmanan
Threat actors are actively weaponizing unpatched servers affected by the newly identified "Log4Shell" vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into...
