North Korean Hacker Group Andariel Strikes with New EarlyRat Malware

The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in phishing attacks, adding another piece to the group's wide-ranging toolset. "Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from...

Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor

A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range o...

Security Bulletin: Vulnerability in Apache Log4j may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-44228)

Summary A vulnerability in Apache Log4j CVE-2021-44228 has been identified that may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Several components of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell CVE-2021-44228: Brief Description Apache L...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4j Vulnerability --- --- --- Tutorial: https...

Year in Review: Rapid7 Vulnerability Management

2022 began on a solemn note — many organizations across the globe were recovering from the Log4Shell zero-day vulnerability. For the InsightVM and Nexpose team, 2022 began with a lot of introspection on how we can add more value and keep meeting our customer needs in the best possible ways. This...

Security Bulletin: Vulnerablity in Apache Log4j may affect IBM Tivoli Monitoring installed WebSphere Application Server (CVE-2021-44228)

Summary The following security issue has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Note that log4j 2.x is not actually used by ITM but is present as part of the Tivoli Portal Server component installation as it prereqs and...

Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking

Despite mitigation, one of the worst bugs in internet history is still prevalent—and being exploited...

Log4j: One Year Later

One year ago, the Log4j remote code execution vulnerability known as Log4Shell CVE-2021-44228 was announced. The critical severity level vulnerability in a logging framework used across virtually all Java environments quickly set the internet on fire when it was released and exploited. It’s...

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual...

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

Summary From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch FCEB organization where CISA observed suspected advanced persistent threat APT activity. In the course of incident response activities, CISA determined that cyber...

Iranian hackers leveraged Log4Shell to penetrate US federal agency

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Iranian APT activity was detected on the networks of federal agencies. The intruders utilized an exploit targeting Log4Shell CVE-2021-44228 to install XMRig crypto mining software on an unpatched VMware...

Iranian Hackers Compromised a U.S. Federal Agency's Network Using Log4Shell Exploit

Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency CISA, come in...

CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Today, CISA and the Federal Bureau of Investigation FBI published a joint Cybersecurity Advisory CSA, Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch...

Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228)

Summary Apache Log4j open source library used by IBM® Db2® is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library. Please see...

Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possibl...

Why Log4Text is not another Log4Shell

The Apache Software Foundation has acknowledged a vulnerability in Apache Commons Text, a library focused on algorithms for string manipulation. The vulnerability has been assigned CVE-2022- 42889, but security researchers have dubbed it Log4Text. The name provides an immediate association with...

New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889

Yet another RCE with a CVSS score of 9.8 out of 10 was disclosed a few hours ago. This issue looks like the same Log4shell and it seems even more dangerous since Common Texts are used more broadly. The Apache Foundation published a vulnerability in the Apache Commons Text project code and publish...

Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization

An advanced persistent threat APT actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report...

Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]

Summary There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE. CVE-2021-44228 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...