A common user mistake can lead to compromised Okta login credentials
Logged failed logins into a company’s Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those …
Google Cloud Platform allows data exfiltration without a (forensic) trace
Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s …
How to avoid security blind spots when logging and monitoring
Cybersecurity involves a balancing act between risk aversion and risk tolerance. Going too far to either extreme may increase cost and complexity, or worse: cause the …
Log4Shell: A retrospective
Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and …
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation
Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …
Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)
A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …