Advisory issued by cybersecurity agencies shows older vulnerabilities are the most frequently exploited by attackers https://www.fosslife.org/older-vulnerabilities-most-frequently-exploited-attackers #cybersecurity #CISA #Log4j #SystemAdministration #networking
In collaboration with #CISA, #NSA, and #FBI, #FiveEyes #cybersecurity authorities have issued today a list of the 12 most #exploited #vulnerabilities throughout 2022. Covering #Microsoft Exchange, #Fortinet, #Atlassian, #VMWare, and the bug that ruined Christmas.... #Log4J https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-reveal-top-exploited-vulnerabilities-of-2022/
Unlike Log4J, updating a dependency probably won't be enough here.
And even Log4Shell already involved considerable follow-up work in some cases.
This problem sounds more systemic.
#supergau #itsicherheit #log4j
@heiseonline the article says exactly what we have all known since #Log4j, #Bonify and #MSCloud: you know nothing unless you have checked for yourself. With open source, the latter also only works in theory.
As inherent to the system and inevitable as these problems are in #Software, it is an inexplicable mystery that there are industries that function.
@kuketzblog the last #Supergau in #ITSicherheit was already 1.5 years ago, after all.
#log4j
Clients asking us if we are affected by the #MOVEit vulnerabilities. Never heard of it, never used it. But if customers start to ask their suppliers, that's an indication of panic. Last time this happened with #log4j #log4shell.
📝 "The Log4j vulnerability in plain english"
👤 Jessica Greene (@sleepypioneer)
#pyladies #python #security #learntocode #log4j #cybersecurity
I got sick and tired of people hammering my web server trying to exploit vulnerabilities on things like #log4j or #wordpress that I don't even run. My list of blocked IPs on #fail2ban was getting out of control, so I took off and nuked the site from orbit (only way to be sure). I blocked ALL IP addresses from China using #iptables and #ipset.
#log4j #wordpress #fail2ban #iptables #ipset #firewall #linux #nginx
📬 Malware threats in 2023: Qbot unchallenged in first place
#ITSicherheit #Malware #AgentTesla #CheckPointSoftware #DirectoryTraversal #log4j #NanoCore #Qakbot #RemoteCodeExecution #RemoteAccessTrojaner https://tarnkappe.info/artikel/it-sicherheit/malware/malware-gefahren-im-jahr-2023-qbot-unangefochten-auf-platz-eins-275138.html
"We're still responding to that hack today," House Homeland Security chairman says about the #Log4j incident as the panel advances legislation on gov use of open-source software
This Week in Security: Oracle Opera, Passkeys, and AirTag RFC https://hackaday.com/2023/05/05/this-week-in-security-oracle-opera-passkeys-and-airtag-rfc/ #HackadayColumns #SecurityHacks #AirTag #Oracle #Log4j #News
This Week in Security: Oracle Opera, Passkeys, and AirTag RFC - There’s a problem with Opera. No, not that kind of opera. The Oracle kind. Oracle ... - https://hackaday.com/2023/05/05/this-week-in-security-oracle-opera-passkeys-and-airtag-rfc/ #hackadaycolumns #securityhacks #airtag #oracle #log4j #news
#CISA warns of #Mirai #botnet exploiting #TPLink #routers
The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited #vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet.
The other two placed on the list this week involve versions of #Oracle's #WebLogic Server software and the Apache Foundation's #Log4j Java logging library
https://www.theregister.com/2023/05/02/cisa_exploited_flaws_oracle_apache/
This week's episode of Talos Takes has the latest advice from Talos Incident Response on how to prepare for #supplychain cyber attacks. We're here to lend a helping hand to put together everything from a software bill of goods to tabletop exercises to help your organization prepare for the next time a #3CX or #Log4j happens https://www.buzzsprout.com/2018149/12649912
The government has drawn up a new national security strategy in which #cybersecurity is named a top priority. Specifically, the report names, among other things, high-impact #ransomware such as #NotPetya as a threat, but also the vulnerability in the widely used #Log4j software.
https://www.agconnect.nl/artikel/ransomware-krijgt-prioriteit-nationale-veiligheidsstrategie-2023-2029
Log4j programmers, wake up! 15+ months after fixing a critical vulnerability, software still uses the old, broken version. Take it offline & force a fix NOW. Don't wait for a catastrophic data breach to act. Your negligence risks the entire industry. #log4j #softwaresecurity
#Log4Shell: #OpenSource as a danger to the software supply chain | heise online https://www.heise.de/meinung/Log4Shell-Open-Source-als-Gefahr-fuer-die-Software-Lieferkette-7606506.html #Log4j
In the olden days if you had a 1000+ software packages to manage you were a fully fledged operating system with software, nowadays we call this a "web app."
Find out some hard lessons learned over the year from @kurtseifried and @joshbressers on the #osspodcast https://opensourcesecurity.io/2023/03/12/episode-366-software-liability-is-coming/ TL;DR: counting vulnerabilities is both completely stupid, and completely necessary. The trick is to think about them the right way (hint: statistics, not pets. Except when they are pets like #log4j. Who's a good vulnerability? You are!).
A new threat report from our partner @crowdstrike finds that #cloud exploitation grew by 95%, #hackers continue to exploit #zeroday vulnerabilities like #Log4j, China-nexus espionage surged & more. Read the details: https://www.crowdstrike.com/press-releases/2023-crowdstrike-global-threat-report-reveals-sophisticated-adversaries-re-exploiting-patched-vulnerabilities-moving-beyond-ransomware/
#cybersecurity #cyberaware #CEO #CISO