11 Jan 2022

Log4Shell Update from CISA Director Easterly and DHS CISA JCDC Company Updates

Many OODA Loop members have had their noses to the grindstone right through the holiday season, attending to the potential impacts of the Log4j and Log4Shell vulnerabilities within their organizations. What follows is a ‘big picture’ update of CISA press releases, global incidents, and impacts, for your review when you come up for air and need to assess more of the strategic challenge the vulnerability poses.

14 Dec 2021

CISA Apache Log4j Vulnerability Guidance Webpage Up and Running with Mitigation Guidance from JCDC Partners

Relative to other cyber incidents in the last few months, Log4j is proving severely problematic. If you are in the middle of your impact and mitigation assessment, hands down the most important resource available is the webpage CISA launched yesterday to address the current Log4j activity. Per OODA CEO Matt Devost: “This is a great page and we should highlight that it exists for OODA Loop members. CISA has done a great job here.” Log4j is also the first US-CERT notification to put private sector collaboration front and center through the newly formed DHS CISA Joint Cyber Defense Collaborative (JCDC).

06 Jul 2020

Apache Guacamole Vulnerabilities Facilitate Attacks on Enterprises

According to researchers at Check Point security, remote code execution and information disclosure vulnerabilities in Apache Guacamole, an HTML5 web application, can pose a significant threat to users. Researchers found that the flaws can be leveraged by threat actors targeting enterprises. Apache Guacamole is used on a broad range of

16 Aug 2019

Apache Struts Called Out For Incorrect Security Advisories

Apache Struts has repeatedly provided incorrect and incomplete information in the security advisories for the popular open-source web application framework, new research by Synopsys has found. 24 of the 57 security advisories that were covered by the study contained errors in terms of the Apache Struts versions that were said
