Archive for the ‘Log Management’ Category

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

The Night Sky ransomware operation started exploiting the Log4Shell flaw ( CVE-2021-44228 ) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively. The gang has also set up a leak site on […]

Leave a Comment

Log4Shell-like security hole found in popular Java SQL database engine H2

“It’s Log4Shell, Jim,” as Commander Spock never actually said, “But not as we know it.” That’s the briefest summary we can come up with of the bug CVE-2021-42392, a security hole recently reported by researchers at software supply chain management company Jfrog. This time, the bug isn’t in Apache’s beleagured Log4j toolkit, but can be found in a […]

Leave a Comment

A Deeper Dive Into the Value of Centralized Logging

let’s go a bit deeper and discuss some best practices regarding centralized logging and what other log files you can put in your security incident and event management (SIEM) server. Before I do, picture this scenario:It’s 11:00 p.m. Saturday night over the Labor Day weekend. Your helpdesk reported that the network is slow in New […]

Leave a Comment

Critical Log Review Checklist For Security Incidents

Critical Log Review Checklist For Security Incidents – by SANS Institute Guide to Computer Security Log Management : Recommendations of the National Institute of Standards and Technology

Leave a Comment

Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

The Apache Software Foundation released Log4j 2.17.1 version to address a recently discovered arbitrary code execution flaw, tracked as CVE-2021-44832, affecting Log4j 2.17.0. CVE-2021-44832 is the fifth vulnerability discovered in the popular library in the last weeks. Like the previous issues affecting the library, this one could be exploited by threat actors to execute malicious […]

Leave a Comment

Windows Event Log Analysis

Trace and Log Analysis: A Pattern Reference for Diagnostics and Anomaly Detection

Leave a Comment

Experts monitor ongoing attacks using exploits for Log4j library flaws

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures. The vulnerabilities can allow threat actors to execute arbitrary code on the target systems, trigger a Denial of Service condition, or disclose confidential information. Dr. Web set up […]

Leave a Comment

Log4Shell: The Movie… a short, safe visual tour for work and home

As Christmas 2021 approaches, spare a thought for your sysamins, for your IT team, and for your cybersecurity staff. There may be plenty of mice stirring all through the IT house right up to Christmas Eve… …because that’s the deadline set by the US Cybersecurity and Infrastructure Security Agency (CISA) for patching the infamous Log4Shell vulnerability, a dangerously […]

Leave a Comment

Active scanning for Apache Log4j 2

Leave a Comment

Here We Go Again: Second Log4j Flaw Surfaces

Maybe Log4j vulnerabilities are like rats—for every one that’s visible, multiple others scurry beneath the surface. It’s too early to tell if that’s what will happen with Log4j. But just a day or so after a damaging vulnerability was disclosed, another has come to light. This time it’s believed to be moderate in severity. “A […]

Leave a Comment

Records and Information Management: Fundamentals of Professional Practice

Records and Information Management: Fundamentals of Professional Practice, Fourth Edition presents principles and practices for systematic management of recorded information. It is an authoritative resource for newly appointed records managers and information governance specialists as well as for experienced records management and information governance professionals who want a review of specific topics. It is also a […]

Leave a Comment

Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

Maybe it was the old Lionel Hutz play: ‘No-logging VPN? I meant, no! Logging VPN!’ Source: Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet   Download a Security Risk Assessment Steps paper! Subscribe to DISC InfoSec blog by Email Take an awareness […]

Leave a Comment

What to Log for Authentication and Access Control

Authentication and access control plays a critical role in web application security.  Mostly for logging, all authentication and access control events should be logged which includes but not limited to successes and failures. If  we are logging only the successful events, someone may brute force attack the passwords without any detection or notice. On the […]

Leave a Comment