[Updated 13-12-2021: Additional information for WatchGuard customers] On Thursday, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library for java applications. CVE-2021-44228 … Read More
Log4j Becomes The Highest Detected Vulnerability Days After Release
Log4Shell attacks have spread throughout the Internet due to the ease with which attackers can perform them. The WatchGuard Threat Lab sees a sample of these attacks from our … [Read More...]
The Death of the Carding Marketplace
This week on the podcast we give a quick update to the Log4Shell saga after the researchers detected the first significant campaign that uses the critical vulnerability. After … [Read More...]
Is Cybersecurity Vocational?
This week on the podcast we give an update on log4j2 and it's most recently-disclosed vulnerabilities before covering a recent report on credential stuffing by the New York … [Read More...]
Log4Shell Deep Dive
This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this specific issue has the potential to … [Read More...]
HP iLO and the Newly Discovered iLOBleed Rootkit
Iranian researchers at Amnpardaz security firm have discovered rootkits in HPs iLO (Integrated Lights-Out) management modules. These optional chips are added to servers for … [Read More...]
Post-Purchase Monetization of the TV and Your Diminishing Privacy
The internet came by storm. Yes, for years it wasn’t accessible to the major populace, but over time it found its way into the office, school, home, and now more specifically … [Read More...]
ProxyShell, Exchange Servers Under Attack Again
With the 2021 editions of the BlackHat and DEF CON security conferences all wrapped up, one of the presentation that made the biggest waves was the latest research from Orange Tsai of Devcore Security Consulting. Tsai was the researcher responsible for identifying and … [Read More...]
Give Us Your SSN, Your Email Password, and Your Dream Job
Every so often, there is a phish that stands out because of its brazenness. Today, we came across a bank phish that requested a few verification details: Username and … [Read More...]
Active Compromises of vCenter Using The Log4J Vulnerability
Much of what we see exploiting the log4j2 vulnerability, CVE-2021-44228, appears like a scan for the vulnerability, not necessarily exploitation. However, our own honey pot … [Read More...]
