Please turn on your JavaScript for this page to function normally.
Microsoft
Microsoft begins broadening free cloud logging capabilities

After select US federal agencies tested Microsoft’s expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using …

Windows
A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs

A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for …

Logging Made Easy
Logging Made Easy: Free log management solution from CISA

CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. …

Microsoft
Thanks Storm-0558! Microsoft to expand default access to cloud logs

Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, …

Okta
A common user mistake can lead to compromised Okta login credentials

Logged failed logins into a company’s Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those …

cloud
Google Cloud Platform allows data exfiltration without a (forensic) trace

Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s …

tracking
How to avoid security blind spots when logging and monitoring

Cybersecurity involves a balancing act between risk aversion and risk tolerance. Going too far to either extreme may increase cost and complexity, or worse: cause the …

Log4Shell: A retrospective

Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and …

Log4j
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …

Log4j
Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …

Don't miss

Cybersecurity news