Archive for the ‘Security logs’ Category

Experts spotted Syslogk, a Linux rootkit under development

Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. The experts reported that the Syslogk rootkit is heavily […]


Log4Shell-like security hole found in popular Java SQL database engine H2

“It’s Log4Shell, Jim,” as Commander Spock never actually said, “but not as we know it.” That’s the briefest summary we can come up with of the bug CVE-2021-42392, a security hole recently reported by researchers at software supply chain management company JFrog. This time, the bug isn’t in Apache’s beleaguered Log4j toolkit, but can be found in a […]


Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns

The security team at the UK National Health Service (NHS) announced that it had spotted threat actors exploiting the Log4Shell vulnerability to hack VMware Horizon servers and install web shells. “An unknown threat group has been observed targeting VMware Horizon servers running versions affected by Log4Shell vulnerabilities in order to establish persistence within affected networks,” reads the security advisory published by the NHS. […]


A Deeper Dive Into the Value of Centralized Logging

Let’s go a bit deeper and discuss some best practices regarding centralized logging and what other log files you can put in your security incident and event management (SIEM) server. Before I do, picture this scenario: It’s 11:00 p.m. Saturday night over the Labor Day weekend. Your helpdesk reported that the network is slow in New […]


Critical Log Review Checklist For Security Incidents

Critical Log Review Checklist For Security Incidents, by the SANS Institute. Guide to Computer Security Log Management: Recommendations of the National Institute of Standards and Technology.


Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

The Apache Software Foundation released Log4j version 2.17.1 to address a recently discovered arbitrary code execution flaw, tracked as CVE-2021-44832, affecting Log4j 2.17.0. CVE-2021-44832 is the fifth vulnerability discovered in the popular library in recent weeks. Like the previous issues affecting the library, this one could be exploited by threat actors to execute malicious […]


Windows Event Log Analysis

Trace and Log Analysis: A Pattern Reference for Diagnostics and Anomaly Detection


More than 35,000 Java packages impacted by Log4j flaw, Google warns

The Google Open Source Team scanned the Maven Central Java package repository and found that 35,863 packages (8% of the total) were using versions of the Apache Log4j library vulnerable to the Log4Shell exploit and to the CVE-2021-45046 RCE. “More than 35,000 Java packages, amounting to over 8% of the Maven Central repository (the most significant Java package repository), have been impacted […]


Here We Go Again: Second Log4j Flaw Surfaces

Maybe Log4j vulnerabilities are like rats—for every one that’s visible, multiple others scurry beneath the surface. It’s too early to tell if that’s what will happen with Log4j. But just a day or so after a damaging vulnerability was disclosed, another has come to light. This time it’s believed to be moderate in severity. “A […]


Security Logging in Cloud Environments – AWS

Which Services Can We Leverage? AWS offers multiple services around logging and monitoring. For example, you have almost certainly heard of CloudTrail and CloudWatch, but they are just the tip of the iceberg. CloudWatch Logs is the default logging service for many AWS resources (like EC2, RDS, etc.): it captures application events and error logs, and allows […]
