khae · @khae
35 followers · 218 posts · Server bladerunner.social

During a company presentation (July 2023), the person boasted about their ability to find weaknesses.
A prime opportunity to point you to this educational track about the : youtu.be/HNS2ONvA-Vk

How can it be outdated when sales is still going on about it? 😜

#sales #Log4Shell #dance #vulnerability

Last updated 1 year ago

Christian · @apas_csc
41 followers · 1075 posts · Server ruhr.social

Clients asking us if we are affected by the vulnerabilities. Never heard of it, never used it. But if customers start to ask their suppliers that's an indication of panic. Last time this happened with .

#moveit #log4j #Log4Shell

Last updated 1 year ago

FOSSASIA · @fossasia
176 followers · 207 posts · Server floss.social

RT @fossasiasg
Join us for an insightful discussion on how to address systemic issues in the & lessons learned from with expert @juliangordonhk8 from @Hyperledger @theopenssf at Summit 2023 13-15 April eventyay.com/e/7cfe0771/sessio

#softwaresupplychain #Log4Shell #cybersecurity #FOSSASIA #Singapore

Last updated 2 years ago

Marcel SIneM(S)US · @simsus
174 followers · 2828 posts · Server social.tchncs.de
Nicolas Fränkel · @frankel
745 followers · 509 posts · Server mastodon.top
Tesestear · @Tesestear
18 followers · 205 posts · Server tooot.im

RT @HaboubiAnis
Step 1) Alvaro Muñoz @pwntester presents the vulnerability in 2016

Step 2) Exploitation of the vulnerability / of 2021.

Step 3) The whole system is infected

Presentation: blackhat.com/docs/us-16/materi

#log4jrce #Log4Shell #cyberpandemie #breakingtheshell

Last updated 2 years ago

Wireshark · @wireshark
2009 followers · 29 posts · Server ioc.exchange

We've just updated the agenda for '23 ASIA with a new class from Sake Blok! His session is titled: ": Getting to know your adversaries"

Sign up today and save on registration: sharkfest.wireshark.org

#sharkfest #Log4Shell #wireshark

Last updated 2 years ago

Developersummit · @developersummit
8 followers · 37 posts · Server mastodon.social

Join Jamie Coleman in-person at April 25-28 to cover the previously unknown history of Central and how it works under the covers. Look under the hood to see how the Central team addresses critical security risks like dependency confusion and security events like : developersummit.com/session/th

#gids #DeveloperSummit #bengaluru #maven #Log4Shell

Last updated 2 years ago

ISMS-Blog · @Roy_ISMS_Blog
16 followers · 329 posts · Server mastodon.social

One year after - One year after the discovery of Log4Shell, the vulnerability is still leaving its mark.

kaspersky.de/blog/log4shell-st

-> Nothing new, but still a nice description of the current state. In my view the warning is more than justified, because it is not just "leaving its mark" but remains extremely dangerous!

#Log4Shell #ismsblog

Last updated 2 years ago

Filip · @hhg
8 followers · 72 posts · Server infosec.exchange

@sophos "[...] only those who fetched the so-called “nightly”, or experimental, version of the software were at risk.
[...] from PyTorch’s report, it seems that the Triton malware executable file specifically targeted 64-bit Linux environments. [...]"

The stolen data is sent as DNS lookup requests to a domain owned by attackers, same as .

Good news is that already remedied the issues, according to the article and most users should've not been hit by it.

It does seem like this type of attack could become more common. I feel like I've just read a couple of weeks ago about this exact threat, of malicious packages being uploaded to pip.

#Log4Shell #pytorch #threatintel #infosec #threathunting #cybersecurity

Last updated 2 years ago

Josh Bressers · @joshbressers
952 followers · 660 posts · Server mastodon.social

I just remembered I wrote a parody poem based on The Night Before Christmas for last year. It was certainly a wild time a year ago. Thank goodness this year is way more boring

opensourcesecurity.io/2021/12/

#Log4Shell #OSSPodcast

Last updated 2 years ago

Wireshark · @wireshark
1871 followers · 17 posts · Server ioc.exchange

Just in time for the holidays, we've uploaded another video from '22 US by Sake Blok! He walks us through his experience getting infected with and how he used Wireshark to investigate.

youtu.be/25h6it4I254

#sharkfest #Log4Shell #wireshark #log4j #packetanalysis

Last updated 2 years ago

ISMS-Blog · @Roy_ISMS_Blog
13 followers · 312 posts · Server mastodon.social

What is and why is it still dangerous even after a year?
kaspersky.de/blog/log4shell-st

#Log4Shell #ismsblog

Last updated 2 years ago

@cnotin we were (are) tracking multiple vulnerabilities that were remote code exploitable and some of them weren't part of .
Also, do you say "LOG FOUR JAY" or "LOG FORGE".
I've heard it both ways.

#log4j #Log4Shell

Last updated 2 years ago

Clément Notin :unverified: · @cnotin
481 followers · 43 posts · Server infosec.exchange

I'm seeing many articles about the anniversary which incorrectly talk about the "Log4j" vulnerability.
We've failed at branding this vulnerability properly... so now people confuse it with the library's name.
Are there perhaps people who entirely banned Log4j due to this confusion?

#Log4Shell

Last updated 2 years ago

mle✹ · @mle
355 followers · 107 posts · Server infosec.exchange

wrote a little bit about the vulnerability and how things look one year later. 🫣

tl;dr: things aren't *bad*, but why aren't they better? a lot of things got patched and upgraded over 2022, but there are still a non-trivial number of potentially vulnerable devices out there.

censys.io/tis-the-season-%F0%9

#log4j #cve #vulnerability #Log4Shell #infosec #internet #censys

Last updated 2 years ago
