Secure Planet Training Courses Updated For 2019 - Click Here

There are new available articles, click to refresh the page.

The Hacker News

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

By: Newsroom — February 1^st 2024 at 15:44

The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security

The Hacker News

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

By: Newsroom — January 11^th 2024 at 14:16

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software (CVE-

Dangerous hole in Apache Commons Text – like Log4Shell all over again

By: Paul Ducklin — October 18^th 2022 at 16:26

Third time unlucky. Time to put your patching boots on again...

act-1200

8 months on, US says Log4Shell will be around for “a decade or longer”

By: Paul Ducklin — July 18^th 2022 at 16:57

When it comes to cybersecurity, ask not what everyone else can do for you...

S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]

By: Paul Ducklin — January 6^th 2022 at 13:44

We're back for 2022 - listen now!

FTC threatens “legal action” over unpatched Log4j and other vulns

By: Paul Ducklin — January 5^th 2022 at 16:37

Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!

Log4Shell vulnerability Number Four: “Much ado about something”

By: Paul Ducklin — December 29^th 2021 at 16:12

It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

By: Paul Ducklin — December 16^th 2021 at 17:41

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Log4Shell explained – how it works, why you need to know, and how to fix it

By: Paul Ducklin — December 13^th 2021 at 19:41

Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!

“Log4Shell” Java vulnerability – how to safeguard your servers

By: Paul Ducklin — December 10^th 2021 at 16:22

Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product