August 20, 2024 at 06:40AM The article discusses the evolving cyber threat landscape and the importance of understanding and mitigating these threats, using the Log4Shell vulnerability as an example. It explores the mechanics of the attack and the value of Application Detection and Response (ADR) technology in safeguarding against such sophisticated attacks. The article also … Read more
February 4, 2024 at 12:19PM The FritzFrog botnet has resurfaced, using the Log4Shell vulnerability to target internal hosts within compromised networks. It has expanded its targets to healthcare, education, and government sectors and now deploys cryptocurrency miners. FritzFrog also utilizes SSH brute-force and CVE-2021-4034 to escalate privileges, making efforts to avoid detection. Akamai is tracking … Read more
February 1, 2024 at 02:52PM The new variant of the botnet “FritzFrog” utilizes Log4Shell to target unpatched internal network assets. Unlike traditional Log4Shell attacks, it spreads through weak SSH passwords and Log4Shell vulnerabilities internally. This sophisticated botnet also exploits CVE-2021-4034 and employs stealth tactics, resulting in over 20,000 attacks since 2020. Mitigation involves strengthening passwords … Read more
December 11, 2023 at 04:29PM Lazarus, the North Korean hacking group, is utilizing CVE-2021-44228 to launch new malware families written in DLang as part of “Operation Blacksmith.” This campaign, targeting various industries, demonstrates the group’s evolving tactics. The new malware includes the remote access trojans NineRAT and DLRAT, as well as the downloader BottomLoader. Lazarus … Read more
December 11, 2023 at 01:13PM Research revealed that Lazarus Group used novel malware strains written in the atypical programming language DLang. The attacks, part of “Operation Blacksmith,” targeted organizations in various industries. This included the use of NineRAT and BottomLoader, with DLang’s usage representing a shift towards newer languages in malware coding, mirroring trends in … Read more
December 11, 2023 at 11:22AM North Korean hackers, under the Andariel group within the Lazarus collective, continue to exploit Log4Shell by launching attacks using new remote access Trojans written in the “D” programming language. These attacks illustrate their uniqueness as they exploit rare programming languages to evade detection, adding complexity to malware detection efforts. Their … Read more
December 11, 2023 at 10:12AM Lazarus, a North Korea-linked hacking group, has been using the Dlang malware in attacks on organizations in manufacturing, agriculture, and physical security sectors. Cisco’s Talos security researchers identify Lazarus as the perpetrator of these attacks, using the NineRAT, DLRAT, and BottomLoader malware families against unpatched systems. The attacks are related … Read more
December 11, 2023 at 10:06AM Two years after the Log4Shell vulnerability disclosure, around 1 in 4 applications still rely on outdated Log4j libraries, making them susceptible to exploitation. While some developers promptly updated the libraries, a significant proportion remain vulnerable. Urgent action was effective, but there’s still a need for more rigorous open source security … Read more
December 10, 2023 at 10:39AM Around 38% of Apache Log4j applications are still vulnerable to security issues, including the critical Log4Shell flaw (CVE-2021-44228) allowing unauthenticated remote code execution. Despite available patches for over two years, many organizations continue to use insecure versions. It’s recommended that companies scan their environment and develop an emergency upgrade plan … Read more