Log4shell (log4j), Amazon Outage and Cream cheese Shortage



Want to learn about the log4j vulnerability and how a 6-year-old JNDI exploit became urgent overnight? That and much more, this Thursday December 16th at 4pm Paris, 10am New York, 7am Los Angeles, 11pm Tokyo - LIVE!

--Topics--

Log4Shell, Log4j CVE-2021-44228
Ransomware & RDoS
MANGA/Dark.IoT Update
Beijing 2022 diplomatic boycott
Amazon Outage
Cream Cheese Shortage
Holiday Warnings

--References--

Log4Shell - Attack surface
https://github.com/YfryTchsGD/Log4jAttackSurface
https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html

Log4Shell - JNDI
https://docs.oracle.com/javase/jndi/tutorial/getStarted/overview/index.html

Log4Shell - JNDI Injection
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
https://github.com/mbechler/marshalsec

Log4Shell - JNDI Injection Mitigation
https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/

Log4Shell - PoCs
https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
https://web.archive.org/web/20211215215051/https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce/blob/main/Exploit.java
https://github.com/zzwlpx/JNDIExploit

Log4Shell - Exploiting
https://blog.radware.com/security/alert/2021/12/log4shell-critical-log4j-vulnerability/

Log4Shell - SANS Emergency Live Stream
https://www.youtube.com/watch?v=oC2PZB5D3Ys

Log4Shell - Malicious payloads
https://blog.radware.com/security/alert/2021/12/log4shell-critical-log4j-vulnerability/
https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild
https://www.datadoghq.com/blog/log4j-log4shell-vulnerability-overview-and-remediation/
https://blog.netlab.360.com/ten-families-of-malicious-samples-are-spreading-using-the-log4j2-vulnerability-now/

Log4Shell - Nation-state threat groups
https://therecord.media/log4shell-attacks-expand-to-nation-state-groups-from-china-iran-north-korea-and-turkey/
https://www.scmagazine.com/news/cybercrime/chinese-iranian-threat-groups-said-to-exploit-log4j

Log4Shell - Obfuscation
https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html

Log4Shell - First exploits
https://therecord.media/log4shell-attacks-began-two-weeks-ago-cisco-and-cloudflare-say/

Log4Shell - CVE-2021-45046
https://arstechnica.com/information-technology/2021/12/patch-fixing-critical-log4j-0-day-has-its-own-vulnerability-thats-under-exploit/

Log4Shell - CISA KNOWN EXPLOITED VULNERABILITIES CATALOG
https://therecord.media/cisa-tells-federal-agencies-to-patch-log4shell-before-christmas/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Ransomware & RDoS
https://blog.radware.com/security/2021/11/ransomware-ransom-dos-why-they-are-similar-but-different/

Combining Threats
https://securityintelligence.com/news/hellokitty-ransomware-group-ddos-extortion/
https://therecord.media/the-fbi-believes-the-hellokitty-ransomware-gang-operates-out-of-ukraine/
https://www.securitymagazine.com/articles/95238-welcome-to-the-new-world-of-triple-extortion-ransomware

MANGA/Dark
https://www.fortinet.com/blog/threat-research/manga-aka-dark-mirai-based-campaign-targets-new-tp-link-router-rce-vulnerability
https://therecord.media/tp-link-routers-under-attack-from-dark-iot-botnet/
https://www.radware.com/getmedia/18d24c2d-c092-4a61-9ad6-ebb92b7a49b8/Alert_Realtek_SDK.aspx
https://www.radware.com/security/threat-advisories-and-attack-reports/dark-iot-omigod-update/

Beijing Boycott
https://www.nbcnews.com/politics/white-house/white-house-announces-diplomatic-boycott-beijing-winter-olympics-over-human-n1285419
https://www.bloomberg.com/news/articles/2021-12-07/china-warns-u-s-will-pay-a-price-for-boycotting-olympics?sref=omvmmwIg
https://twitter.com/AFP/status/1468485092347887616?s=20

Amazon Outage
https://aws.amazon.com/message/12721/
https://www.nbcnews.com/news/us-news/amazons-web-services-outage-second-two-weeks-rcna8880

Cream Cheese Shortage
https://www.bloomberg.com/news/articles/2021-12-09/that-cream-cheese-shortage-you-heard-about-cyberattacks-played-a-part
https://www.cyberscoop.com/schreiber-foods-cyber-event-ransomware-agriculture-food/
https://s3.documentcloud.org/documents/21053966/fbi-bc-cyber-criminal-actors-targeting-the-food-and-agriculture-sector-with-ransomware-attacks.pdf

Holiday Warning
https://therecord.media/germany-warns-of-ransomware-attacks-over-christmas-citing-emotet-return-unpatched-exchange-servers/
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-269757-1032.html?nn=520690
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2021/211117_DDoS-BlackFriday.html
https://www.cisa.gov/uscert/ncas/current-activity/2021/11/22/reminder-critical-infrastructure-stay-vigilant-against-threats

--

Presentations and resources from past episodes: https://discover.radware.com/l/threat-intelligence
Security reports, alerts, advisories and earlier episodes: https://security.radware.com

