Photo by ThisIsEngineering from Pexels
Considered one of the largest exploitable vulnerabilities in history, Log4Shell affects many as Log4J is one of the most extensively used logging libraries. An issue that has existed for almost a decade but just recently was discovered, Log4Shell leaves companies vulnerable to the full extent of these attacks. AT&T Alien Labs blogged about the vulnerability back in December 2021, with more technical detail. The AT&T Managed Vulnerability Program (MVP) team helps customers strengthen their cybersecurity posture and resiliency, leaving them better equipped for events like Log4Shell.
Surprising to many, third-party libraries are not solely IT problems but can also impact operational technology (OT) and is needed for many OT functions. Because of that the manufacturing and critical infrastructure community has needed to focus more on addressing threats as they emerge. The Log4J vulnerability and others like it are not going away on their own, so the MVP team is constantly testing, monitoring, and deploying to ensure correct steps are being taken to mitigate future attacks. AT&T MVP’s partner, Tenable, dives deeper in their blog,”5 Steps that the OT Community Should Take Right Now,” focusing on how OT groups avoid ramification, encouraging proactiveness like the solutions provided by AT&T MVP.
UK police reveal they are running fake DDoS-for-hire sites to collect details on cybercriminals
There's bad news if you're someone who is keen to launch a Distributed Denial-of-Service (DDoS) attack to boot a website...
Microsoft Fixes Security Flaw in Windows Screenshot Tools
Information disclosure vulnerability aCropalypse could enable malicious actors to recover sections of screenshots Read More
Three Variants of IcedID Malware Discovered
The new variants hint that considerable effort is going into the future of IcedID and its codebase Read More
New MacStealer Targets Catalina, Newer MacOS Versions
The malware can extract information from documents, browser cookies and login information Read More
Can zero trust be saved?
Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for...
Part of Twitter source code leaked on GitHub
Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the...