Related News
Bad things come in threes: Apache reveals another Log4J bug
Third major fix in ten days is an infinite recursion flaw rated 7.5/10. The Apache Software Foundation (ASF) has revealed a third bug in its Java-based open-source logging library Log4j.…
The Register
December 20, 2021 · 284 views
![](https://regmedia.co.uk/2021/12/19/shutterstock_log4j.jpg)
New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability
Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection.
"This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse...
The Hacker News
December 18, 2021 · 228 views
Log4j attackers switch to injecting Monero miners via RMI
Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success.
Bleeping Computer
December 17, 2021 · 218 views
![](https://www.bleepstatic.com/content/hl-images/2021/12/13/Log4j__logo.jpg?rand=2046315934)
Malicious Exchange Server Module Hoovers Up Outlook Credentials
"Owowa" stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.
Threatpost
December 16, 2021 · 246 views
![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/08/26083932/exchange-server-microsoft.jpg)
Ransomware in 2022: We're all screwed
Security experts tell us what to expect in the cybercriminal landscape as we head into the new year. It's not good.
ZDnet
December 16, 2021 · 199 views
![](https://www.zdnet.com/a/img/resize/ac23f5475eb67f67e44c9bb5e0b41e3d9a8919da/2021/12/15/5d6836ac-a637-410c-9381-0ff8754dd00f/shutterstock-2023392170.jpg?width=770&height=578&fit=crop&auto=webp)
SAP Kicks Log4Shell Vulnerability Out of 20 Apps
SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.
Threatpost
December 16, 2021 · 177 views
![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/04/06142606/SAP2-e1617733579541.jpg)
New Microsoft Exchange credential stealing malware could be worse than phishing
Kaspersky has discovered a malicious add-on for Microsoft's Internet Information Service (IIS) web server software that it said is designed to harvest credentials from Outlook Web Access (OWA), the webmail client for Exchange and Office 365...
TechRepublic
December 15, 2021 · 219 views
![](https://www.techrepublic.com/a/hub/i/r/2018/03/12/82c2546a-42c0-42c8-881b-801d6ad4f9a4/resize/770x/0ed0369797e132fa9cd2018a97330285/malware.jpg)
Irish Health Service ransomware attack happened after one staffer opened malware-ridden email
PWC report shows long list of missed opportunities to shut out extortion crims. Ireland's Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy's damning report has revealed....
The Register
December 11, 2021 · 256 views
![](https://regmedia.co.uk/2016/05/05/ireland_and_great_britain_map_image_via_shutterstock.jpg)
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”
Threatpost
December 11, 2021 · 224 views
![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/10/05155430/apache.png)
Malicious npm Code Packages Built for Hijacking Discord Servers
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.
Threatpost
December 9, 2021 · 232 views
![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/22125253/NPM-e1611337986238.jpg)