26 Aug 2024
By Mary

InfoSec News Nuggets 8/26/2024

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware More than two years after the critical Log4j zero-day sparked chaos around the world, organizations are still being hit by exploits pushing crypto-currency miners and malicious backdoor scripts. According to researchers at Datadog Security Labs, opportunistic cybercriminals are still finding targets for ‘Log4Shell’ exploits that evade detection and plant malware scripts on unpatched corporate systems. The Datadog discovery highlights the long tail of risk from critical…
Read More
13 Dec 2021
By Mary

InfoSec News Nuggets 12/13/2021

Hackers start pushing malware in worldwide Log4Shell attacks Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. In this article we have compiled the known payloads, scans, and attacks using the Log4j vulnerability. Early Friday morning, an exploit was publicly released for a critical zero-day vulnerability dubbed 'Log4Shell' in the Apache Log4j Java-based logging platform. This vulnerability allows attackers to remotely execute a command…
Read More
10 Dec 2021
By Mary

InfoSec News Nuggets 12/10/2021

‘I need my girlfriend off TikTok’: How hackers game abuse-reporting systems One hundred and forty-seven dollar signs fill the opening lines of the computer program. Rendered in an icy blue against a matte black background, each “$” has been carefully placed so that, all together, they spell out a name: “H4xton.” It’s a signature of sorts, and not a subtle one. Actual code doesn’t show up until a third of the way down the screen.…
Read More