Hello everyone,
As we release the podcast for the Security Box, we had to change the topic to this new vulnerability with Apache and Java called Log4j/.
The podcast covers three articles which are good, but I did find one that was sent to the Security Box’s list last Friday.
We still have a lot to learn, including the fact that information continues to come out about it.
This reminds me of Solar Winds of Last Year, when the Security Box covered it non stop, and I wrote up articles to try and get information out there.
What we do know is quite interesting. We know that some of our past friends we’ve talked about in the exploit side of things are part of this too, including Emotet and ColbaltStrike.
I’m also sure that the Security Box will also have commentary and continued thoughts as we learn more.
- CISA warns ‘most serious’ Log4j vulnerability likely to affect hundreds of millions of devices from Cyberscoop
- CISA to brief critical infrastructure companies about urgent new Log4j vulnerability from Cyberscoop
- Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited from Trend Micro
There are others I’ve not read as of yet. 4 of them were just sent to our list yesterday evenoing.
Want to subscribe to the Security Box where we’ll post articles like these that might be of interest? Click on this link to subscribe to The Security Box list You’ll be taken to a page on the mix’s web site.
I hope that this is of value to you, and that we solve this quickly. I’ll have more thoughts as I read.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.