White House hosts open-source software security summit in light of expansive Log4j flaw

Written by Tim Starks Jan 13, 2022 | CYBERSCOOP Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to…

Multi-platform SysJoker backdoor targeting Windows, macOS & Linux Devices

Linux and macOS samples of SysJoker malware were found to be fully undetected on VirusTotal. The IT security researchers at Israel-based cybersecurity firm Intezer have identified a novel multi-platform backdoor malware…

NPK: Free tool to crack password hashes with AWS

The NPK tool is an open-source password cracking tool developed by the Coalfire Labs Research and Development team. The initials NPK are inspired by the atomic elements contained within farm…

A List of Vulnerable Products to the Log4j Vulnerability

Two days ago, we wrote a post about the Log4j vulnerability that is currently wreaking havoc on the cyberthreat landscape. The flaw stands for an open-source Java logging library. By…

Malware analysis arsenal: Top 15 tools

We live in an era where digital transformation is part of our lives. With this, malware has become a critical and huge threat to organizations and people around the globe…

New Ransomware Family Deployed in Log4Shell Attacks

Recently a public exploit for the major zero-day vulnerability known as ‘Log4Shell’ in the Apache Log4j Java-based logging platform has been made available. Log4j is a development platform that enables…

Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft

State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft.    As predicted by…

Oregon medical group notifies 750,000 patients of breach, says FBI seized accounts from HelloKitty ransomware

The Oregon Anesthesiology Group (OAG) said it suffered a ransomware attack in July that led to the breach of sensitive employee and patient information. The breach involves the information of…

Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery

December’s Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities. Microsoft has addressed a zero-day vulnerability that was exploited in the wild to deliver Emotet, Trickbot…

Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild

On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability – assigned with a severity of 10 (the highest possible risk score). The source of the vulnerability is Log4j,…