Security Analysis of the 2nd Log4j CVE published earlier (CVE-2021-45046 / Log4Shell2)
https://ift.tt/30v4gku
Submitted December 15, 2021 at 09:14AM by freeqaz
via reddit https://ift.tt/3IMdF8F
https://ift.tt/30v4gku
Submitted December 15, 2021 at 09:14AM by freeqaz
via reddit https://ift.tt/3IMdF8F
www.lunasec.io
Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaSec
A quick update on the situation now that a new log4j CVE has been created and patched in 2.16.0. We've done research and these are our findings.
log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228 - log4j
https://ift.tt/3GEqxf6
Submitted December 15, 2021 at 12:05PM by digicat
via reddit https://ift.tt/3yqE9rg
https://ift.tt/3GEqxf6
Submitted December 15, 2021 at 12:05PM by digicat
via reddit https://ift.tt/3yqE9rg
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
A TL;DR technical explanation of the log4j vulnerability
https://ift.tt/3dRbn9Q
Submitted December 15, 2021 at 07:31PM by sn1pr0s
via reddit https://ift.tt/3GOVCfU
https://ift.tt/3dRbn9Q
Submitted December 15, 2021 at 07:31PM by sn1pr0s
via reddit https://ift.tt/3GOVCfU
The next log4shell is imminent
https://ift.tt/3EXh6XK
Submitted December 15, 2021 at 07:29PM by sn1pr0s
via reddit https://ift.tt/3F0SkWq
https://ift.tt/3EXh6XK
Submitted December 15, 2021 at 07:29PM by sn1pr0s
via reddit https://ift.tt/3F0SkWq
TLDR Engineering
The next Log4shell is imminent
Remember the Equifax breach that happened 4 years ago, caused by an Apache Struts vulnerability (CVE-2017-5638)? I argue that it's quite similar in nature to the new log4j vulnerability, and moreover - it will happen again, in a different project.
For those who don't know whether to laugh or cry
https://log4jmemes.com/
Submitted December 15, 2021 at 10:26PM by subtleeffect
via reddit https://ift.tt/31UMVSO
https://log4jmemes.com/
Submitted December 15, 2021 at 10:26PM by subtleeffect
via reddit https://ift.tt/31UMVSO
reddit
For those who don't know whether to laugh or cry
Posted in r/netsec by u/subtleeffect • 19 points and 1 comment
Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)
https://ift.tt/3oU3ZRs
Submitted December 15, 2021 at 11:06PM by MiguelHzBz
via reddit https://ift.tt/3pYLKK3
https://ift.tt/3oU3ZRs
Submitted December 15, 2021 at 11:06PM by MiguelHzBz
via reddit https://ift.tt/3pYLKK3
Sysdig
Exploiting, Mitigating, and Detecting CVE-2021-44228: Log4j Remote Code Execution (RCE) – Sysdig
The CVE-2021-44228 is a CRITICAL vulnerability that allows attackers to execute arbitrary code on a machine. Updating log4j to 2.16.0.
jfrog/log4j-tools: tools for finding log4shell in jars and source
https://ift.tt/3E3gazE
Submitted December 16, 2021 at 03:55AM by descalingisfun
via reddit https://ift.tt/3ytefmK
https://ift.tt/3E3gazE
Submitted December 16, 2021 at 03:55AM by descalingisfun
via reddit https://ift.tt/3ytefmK
😰 Log4J vulnerability in detail and the bigger picture
https://ift.tt/3IPb261
Submitted December 16, 2021 at 09:06AM by susamn
via reddit https://ift.tt/30u5j3Z
https://ift.tt/3IPb261
Submitted December 16, 2021 at 09:06AM by susamn
via reddit https://ift.tt/30u5j3Z
Medium
😰 Log4J vulnerability in detail and the bigger picture
It’s a sad day for the Java community
Have You Noticed? There Are More Critical Vulnerabilities Than log4j
https://ift.tt/3yxL024
Submitted December 16, 2021 at 02:34PM by waymapsum
via reddit https://ift.tt/3GN1QwX
https://ift.tt/3yxL024
Submitted December 16, 2021 at 02:34PM by waymapsum
via reddit https://ift.tt/3GN1QwX
A strategy to land your first pentest job
https://ift.tt/3DXfxHP
Submitted December 16, 2021 at 04:30PM by Gallus
via reddit https://ift.tt/3saDr0r
https://ift.tt/3DXfxHP
Submitted December 16, 2021 at 04:30PM by Gallus
via reddit https://ift.tt/3saDr0r
Medium
A strategy to land your first pentest job
In this blog post, we are going to cover a strategy to help you get a job as a pentester or application security professional.
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter Fork with some improvements.
https://ift.tt/3yAdJn1
Submitted December 16, 2021 at 05:34PM by v1brio
via reddit https://ift.tt/322i46K
https://ift.tt/3yAdJn1
Submitted December 16, 2021 at 05:34PM by v1brio
via reddit https://ift.tt/322i46K
GitHub
GitHub - ricardojba/noPac: CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. - ricardojba/noPac
Quick & Lazy Malware Development
https://ift.tt/3dTbou2
Submitted December 16, 2021 at 05:02PM by CaptMeelo
via reddit https://ift.tt/3oYZHrS
https://ift.tt/3dTbou2
Submitted December 16, 2021 at 05:02PM by CaptMeelo
via reddit https://ift.tt/3oYZHrS
Log4jScanner - free and open source log4j vulnerability scanner for internal networkz
https://ift.tt/3GPCC0Z
Submitted December 16, 2021 at 10:24PM by GelosSnake
via reddit https://ift.tt/327Yzth
https://ift.tt/3GPCC0Z
Submitted December 16, 2021 at 10:24PM by GelosSnake
via reddit https://ift.tt/327Yzth
Log4Sweater - A Christmas Sweater to commemorate 2021
https://ift.tt/33uuHHX
Submitted December 17, 2021 at 01:41AM by No-Order-1750
via reddit https://ift.tt/3p1W1WD
https://ift.tt/33uuHHX
Submitted December 17, 2021 at 01:41AM by No-Order-1750
via reddit https://ift.tt/3p1W1WD
Found a tool to locate log4j in containers!
https://ift.tt/3jBWsBa
Submitted December 17, 2021 at 01:21AM by Neo-Bubba
via reddit https://ift.tt/3e0tTwK
https://ift.tt/3jBWsBa
Submitted December 17, 2021 at 01:21AM by Neo-Bubba
via reddit https://ift.tt/3e0tTwK
Log4j exploits realtime honeypot logs (jndi)
https://ift.tt/3q9VktI
Submitted December 17, 2021 at 04:04AM by dbcid
via reddit https://ift.tt/3p1xeSn
https://ift.tt/3q9VktI
Submitted December 17, 2021 at 04:04AM by dbcid
via reddit https://ift.tt/3p1xeSn
reddit
r/netsec - Log4j exploits realtime honeypot logs (jndi)
58 votes and 1 comment so far on Reddit
Technical write up on a, “Doubly-Infected iPhone,” by Cytrox’s Predator and NSO’s Pegasus
https://ift.tt/3p16VvB
Submitted December 17, 2021 at 05:55AM by docker-osx
via reddit https://ift.tt/3yyDlRb
https://ift.tt/3p16VvB
Submitted December 17, 2021 at 05:55AM by docker-osx
via reddit https://ift.tt/3yyDlRb
The Citizen Lab
Pegasus vs. Predator
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour…
Q4 ThinsktScapes infosec research roundup
https://ift.tt/3yBuheE
Submitted December 17, 2021 at 09:10AM by ranok
via reddit https://ift.tt/3yCRBIW
https://ift.tt/3yBuheE
Submitted December 17, 2021 at 09:10AM by ranok
via reddit https://ift.tt/3yCRBIW
Risk analysis of Log4Shell (CVE-2021-44228) and mitigation
https://ift.tt/3p56DUk
Submitted December 17, 2021 at 10:17AM by hardenedvault
via reddit https://ift.tt/30ApHAH
https://ift.tt/3p56DUk
Submitted December 17, 2021 at 10:17AM by hardenedvault
via reddit https://ift.tt/30ApHAH
reddit
r/netsec - Risk analysis of Log4Shell (CVE-2021-44228) and mitigation
1 vote and 2 comments so far on Reddit
Log4Shell Update: Full bypass found in log4j 2.15.0, enabling RCE again (with payload)
https://ift.tt/3IXE5V2
Submitted December 17, 2021 at 03:23PM by freeqaz
via reddit https://ift.tt/3yB8gwh
https://ift.tt/3IXE5V2
Submitted December 17, 2021 at 03:23PM by freeqaz
via reddit https://ift.tt/3yB8gwh
[LOG4J2-3230] Certain strings can cause infinite recursion - ASF JIRA
https://ift.tt/3e0aTOJ
Submitted December 17, 2021 at 02:56PM by itprofessional23
via reddit https://ift.tt/3E21Mrh
https://ift.tt/3e0aTOJ
Submitted December 17, 2021 at 02:56PM by itprofessional23
via reddit https://ift.tt/3E21Mrh
reddit
[LOG4J2-3230] Certain strings can cause infinite recursion - ASF JIRA
Posted in r/netsec by u/itprofessional23 • 1 point and 0 comments