Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant

APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-d...

Security Bulletin: IBM Maximo Application Suite is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary Apache log4j 2 library is used by IBM Maximo Application Suite internal components. This bulletin provides remediation for the Apache log4j 2 vulnerability CVE-2021-44228 by applying a new Maximo Application suite fixpack. The fix includes Apache Log4j2 2.15.0. Vulnerability Details CVEID...

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-44228)

Summary IBM Sterling File Gateway is impacted by Log4Shell CVE-2021-44228, through the use of Apache Log4j's JNDI logging feature. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details...

What's New in InsightVM and Nexpose: Q4 2021 in Review

Greetings, fellow security professionals. As we enter into the new year, we wanted to provide a recap of product releases and features on the vulnerability management VM front for Q4 2021. Let's start by talking about the elephant in the room. The end of last year was dominated by Log4Shell, the...

Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal

CVE-2021-44228 rules everything around us — or so it seemed, at least, for those breathless days in December 2021 when the full scope of Log4Shell was starting to take hold and security teams were strapped for time and resources as they scoured their organizations' environments for vulnerable...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

l4srs Rust implementation of the Log 4 Shell log 4 j - CVE-20...

How InsightAppSec Detects Log4Shell: Your Questions Answered

If you’re reading this, that means you survived the year 2021, so congratulations! For everyone in the software industry, and especially those in cybersecurity, the past 12 months probably felt like 12 rounds in the ring. Remember the Solarwinds attack and the resulting scramble to mitigate suppl...

Dropping Files on a Domain Controller Using CVE-2021-43893

On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privilege escalation vulnerability affecting the Windows Encrypted File System EFS. The vulnerability was credited to James Forshaw of Google Project Zero, but perhaps owing to the Log4Shell atmosphere,...

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Control (CVE-2021-44228)

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Control due to its use of Log4j for logging, tracing, alerting, and the local help documentation. Vulnerability Details CVEID: CVE-2021-44228...

Palo Alto Networks PAN-OS for Panorama < 9.0.15 / 9.1.12-h3 / 10.0.8-h8 Multiple RCE (Log4Shell)

The version of Palo Alto Networks PAN-OS for Panorama running on the remote host is 9.0.x prior to 9.0.15, 9.1.x prior to 9.1.12-h3, or 10.0.x prior to 10.0.8-h8. It is, therefore, affected by two remote code execution vulnerabilities related to Log4Shell within the ElasticSearch component. These...

Security Bulletin: Vulnerability in Apache Log4j affects Netcool Operation Insight (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by Netcool Operation Insight to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-44228)

Summary There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused b...

‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet

Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency CISA, stated in a public news interview that the now-infamous Log4j flaw is the “the most serious vulnerability that she has seen in her career.” It’s not a stretch to say the whole security industry would agree...

Cynet Log4Shell Webinar: A Thorough - And Clear - Explanation

Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. No one knows how long the vulnerability existed before it was discovered. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache...

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.68 security and enhancement update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. The updated image includes a bug fixes, security patches and new feature enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Snapshot for VMware (CVE-2021-44228)

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Protect Snapshot for VMware due to its use of Log4j for logging of messages and traces. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apac...

Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group...

openSUSE: Security Advisory for logback (openSUSE-SU-2021:4109-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for logback (openSUSE-SU-2021:1613-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Metasploit Weekly Wrap-Up

I'm sure you know what's coming, more Log4Shell For those wondering when the Log4Shell remediation nightmare will end, I'm afraid I can't give you that. What I can give you, though, is a new Log4Shell module! With the new module from zeroSteiner you can expect to get unauthenticated RCE on the...