20211210-TLP-WHITE_LOG4J.md Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) A Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 Atlassian : https://community.developer.atlassian.com/t/u…
Brazil Health Ministry Website Hit By Hackers, Vaccination Data Targeted
New submitter Unpopular Opinions writes: Brazil’s health ministry reports that in the early hours of Friday it suffered an incident that temporarily compromised some of its systems, which are currently unavailable and/or being directed to other domains…
Volvo Discloses Security Breach Leading To Data Theft
An anonymous reader quotes a report from BleepingComputer: Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers. “Volvo Cars has become aware that one of its…
Log4J2 Vulnerability and Spring Boot
As you may have seen in the news, a new zero-day exploit has been reported against the popular Log4J2 library which can allow an attacker to remotely execute code. The vulnerability has been reported with CVE-2021-44228 against the log4j-core jar and has been fixed in Log4J v2.15.0. Spring Boot u…
Volvo had some R&D data stolen in security breach
Volvo Cars is investigating a cybersecurity breach and theft of a limited amount of the company’s research and development data. The data breach was reported Friday by the Swedish automaker. The company said one of its file repositories had been illegally accessed by a third party. Investigations have revealed that a “limited amount of the […]
Apple iCloud, Twitter and Minecraft vulnerable to ‘ubiquitous’ zero-day exploit
A number of popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reportedly vulnerable to a zero-day exploit affecting a popular Java logging library. The vulnerability, dubbed “Log4Shell” by researchers at LunaSec and credited to Chen Zhaojun of Alibaba, has been found in Apache Log4j, an open source logging utility that’s used in […]
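About the log4j vulnerability
log4j is a logging library for Java. A logging library takes a string that should be recorded as a log entry and outputs it somewhere. An ordinary logging library does not care about the contents of the string. What sets log4j apart from an ordinary logging library is that it inspects the contents of the string, treats parts of it as variables, and substitutes them. This…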
Exploiting JNDI Injections in Java | Veracode
US wins appeal over extradition of WikiLeaks founder
WikiLeaks founder Julian Assange is facing the prospect of imminent extradition to the US after the UK High Court granted an appeal by the US government against an earlier (January) refusal by a UK judge to extradite him on mental health grounds. A final decision on whether or not to grant the extradition will be […]
CVE-2021-44228 – Log4j RCE 0-day mitigation
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE). This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible. The latest ver…