Onyx Sleet uses array of malware to gather intelligence for North Korea

Credit to Author: Microsoft Threat Intelligence | Date: Thu, 25 Jul 2024 15:57:18 +0000

On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. We will continue to closely monitor Onyx Sleet’s activity to assess changes following the indictment.

The post Onyx Sleet uses array of malware to gather intelligence for North Korea appeared first on Microsoft Security Blog.

4 over-hyped security vulnerabilities of 2022

Categories: Exploits and vulnerabilities, News

Tags: wormable, zero-day, spring4shell, cve-2022-34718, log4j, openssl, cve-2022-36934, cve-2022-27492, cve-2022-22965, cve-2022-22963

What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022?

The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.

Why Log4Text is not another Log4Shell

Categories: Exploits and vulnerabilities, News

Tags: Log4Text, Apache, Commons Text, CVE-2022-42889, Log4j, Log4Shell, interpolators

Log4Text is a recently found vulnerability in Apache Commons. Log4Text provoked a knee-jerk reaction because it reminds us of Log4Shell. So should we worry?

The post Why Log4Text is not another Log4Shell appeared first on Malwarebytes Labs.

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

Credit to Author: Paul Oliveria | Date: Thu, 25 Aug 2022 16:00:00 +0000

Microsoft detected an Iran-based threat actor the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel.

The post MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations appeared first on Microsoft Security Blog.

Researchers found one-click exploits in Discord and Teams

Categories: Exploits and vulnerabilities, News

Tags: Discord, Spotify, MicrosoftTeams, Electron, ElectronJS, NodeJS, V8 Chrome, Log4Shell, Log4j

A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, and many others.

The post Researchers found one-click exploits in Discord and Teams appeared first on Malwarebytes Labs.

Critical Zero-Day “Log4Shell” Vulnerability “CVE-2021-44228” Exploited in the Wild

Credit to Author: Amruta Wagh | Date: Tue, 10 May 2022 10:40:09 +0000

On December 9, 2021, Apache revealed a severe remote code execution vulnerability, CVE-2021-44228, named “Log4Shell” in Apache Java-based…

The post Critical Zero-Day “Log4Shell” Vulnerability “CVE-2021-44228” Exploited in the Wild appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
