Cybersecurity agencies that are located in the US, UK, Australia, and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns. The alert …
Continue Reading about Allies Warn of Iranian Ransom Attacks Using Log4Shell
Microsoft has released a statement warning that a threat actor based in Iran dubbed Mercury is using the well-known Log4Shell flaws that lie in an application created by IT vendor SysAid. The campaign …
Continue Reading about Iranian attackers are using Log4Shell to target organizations in Israel
The Cyber Safety Review Board (CRSB) has recently classified the Log4j security vulnerability as endemic, meaning that it will likely linger and cause issues for years. The report was released earlier …
Continue Reading about Cyber Safety Review Board classifies Log4j as ‘endemic vulnerability’
CISA Update: US-CERT NCAS Alert (AA21-265A - Conti Ransomware) The US-CERT National Cyber Awareness (NCAS), Alert AA21-265A entitled "Conti Ransomware" was first released on September 22, …
Recent data-wiping attacks, targeting Ukrainian government agencies and businesses, prompted the release of a CISA Insights Bulletin urging U.S. organizations to strengthen their cybersecurity …
Continue Reading about CISA Insights Bulletin Urges U.S. Preparation for Data Wiping Attacks
[For coverage of the press conference by CISA Director Jen Easterly last week and a general summary of U.S.-based Apache Log4j alerts and mitigation efforts, see our previous post: Log4Shell Update …
Continue Reading about Log4Shell Activity: Non-State Actors (Global)
For coverage of the recent press conference by CISA Director Jen Easterly and a general summary of U.S.-based Apache Log4j alerts and mitigation efforts (including the recent US-CERT and Carnegie …
Many OODA Loop members have had their nose to the grindstone right through the holiday season attending to the potential impacts of Log4j vulnerability and Log4Shell exploits within their …
Researchers have detected a critical vulnerability in the H2 open-source Java SQL database that bears similarities to the Log4J vulnerability. However, this flaw does not pose a widespread threat. …
Continue Reading about Log4J-Related RCE Flaw in H2 Database Earns Critical Rating
In June of last year, Cox Media Group (CMG) IT systems and live streams were the targets of a ransomware attack. The Microsoft Threat Intelligence Center (MSTIC) has attributed the attack to an …
