August 22, 2024 at 11:51AM Log4j zero-day exploits continue to be a threat despite being discovered two years ago. Cybercriminals are still targeting unpatched corporate systems, deploying malware scripts and crypto-currency miners. Nation-state actors have incorporated Log4j exploits into their toolkits, and eradicating the issue is challenging due to software dependencies. Datadog Security Labs recently … Read more
June 7, 2024 at 10:09AM The tech industry faced wake-up calls in 2020 and 2021 with incidents like SolarWinds, Log4j, and Kaseya’s VSA, emphasizing the critical need to refine response strategies to vulnerabilities and supply chain attacks. Both large and small organizations must prioritize comprehensive asset inventories and software bills of materials to effectively respond … Read more
December 11, 2023 at 10:06AM Two years after the Log4Shell vulnerability disclosure, around 1 in 4 applications still rely on outdated Log4j libraries, making them susceptible to exploitation. While some developers promptly updated the libraries, a significant proportion remain vulnerable. Urgent action was effective, but there’s still a need for more rigorous open source security … Read more
December 11, 2023 at 09:12AM The Lazarus Group, a North Korea-linked threat actor, has launched a global campaign exploiting Log4j security flaws to deploy remote access trojans. Cisco Talos named the operation “Operation Blacksmith,” noting the use of DLang-based malware families. The group’s tactics overlap with Andariel, targeting various sectors and using NineRAT through a … Read more