Cleaning up the Mess will Take a Methodical Approach

Nearly every week the cybersecurity community buzzes around a newly discovered vulnerability or a breach. December’s alert for the CVE-2021-4428  vulnerability in Apache Foundation’s Log4j software is no different. Also known as the Log4Shell vulnerability, it is present within the log4j-core library commonly used for logging in Java applications. These applications are widely deployed in a huge...

Interesting times lead to interesting opportunities. The current pandemic is proving no exception, but, sadly, it’s an opportunity for some attackers who have laid a rather cunning trap. As you no doubt know, supply chain security typically focuses on firmware and installers. However, in the course of researching vendor documentation, we saw a clever technique being utilized by attackers targeting critical infrastructure and industrial asset owners.