Weaponizing Apache OFBiz CVE-2023-51467

On December 26, SonicWall disclosed an authentication bypass affecting Apache OFBiz. SonicWall demonstrated the vulnerability, assigned CVE-2023-51467, by accessing the protected HTTP endpoint /webtools/control/ping without authentication. While that proved the vulnerability existed, it did not demonstrate arbitrary code execution. However, Read More …

GoTitan Botnet – Ongoing Exploitation on Apache ActiveMQ

This past October, Apache issued a critical advisory addressing CVE-2023-46604, a vulnerability involving the deserialization of untrusted data in Apache. On November 2, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-46604 to its known exploited list, KEV Catalog, indicating Read More …

Ransomware gang HelloKitty exploits critical Apache ActiveMQ bug CVE-2023-46604

Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments. In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom Read More …

Budworm: Espionage Group Returns to Targeting U.S. Organizations

The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is Read More …

Log4j flaw: Thousands of applications are still vulnerable, warn security researchers

Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers are still vulnerable to cyberattacks because security patches haven’t been applied. First detailed in December, the Read More …

What to Do About Log4j

Log4j poses some deep challenges to IT. In this article I’ll discuss some tactical measures people are already taking now and over the next week or two, and some strategic guidance for what to do after the immediate crisis abates. Read More …

Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability

Apache has released version 2.17.0 of the patch for Log4j after discovering issues with their previous release, which came out on Tuesday. Apache said version 2.16 “does not always protect from infinite recursion in lookup evaluation” and explained that it Read More …

Second Log4j vulnerability CVE 2021-45046 discovered, patch already released

A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE 2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was Read More …

CISA Issues Apache Log4j Vulnerability Guidance

CISA and its partners, through the Joint Cyber Defense Collaborative, are responding to active, widespread exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1, known as “Log4Shell” and “Logjam.” Log4j Read More …