The critical flaw in the ubiquitous Log4j utility has sent shockwaves far beyond the security industry – here’s what we know so far. Just as the holiday season is approaching our doorstep, a critical vulnerability in an Apache code library called Log4j 2 has come knocking at the door. Log4j is an open-source Java-based logging library that … More Log4Shell vulnerability: What we know so far
Malicious code is nothing to worry about on Linux, right? Hold your penguins. How Linux malware has gone from the sidelines to the headlines. Gone are the days when the idea of viruses or other malware hitting Linux was almost universally greeted with quizzical glances, if not outright rejection. Long thought of as the perfect … More Linux and malware: Should you worry?
The discovery was made barely two days after the release of a patch that fixes the critical flaw in the web application framework. Researchers have discovered freely available proof-of-concept (PoC) code that can be used to exploit a critical security hole in the Apache Struts 2 web application framework shortly after the vulnerability was disclosed … More PoC targeting critical Apache Struts bug found online
Last week, our friends at Sucuri sent us a modified version of an Apache webserver redirecting some of its requests to the infamous Blackhole exploit packs. Sucuri has published a blog post on this attack. Our analysis of this malware, dubbed Linux/Cdorked.A, reveals that it is a sophisticated and stealthy backdoor meant to drive traffic … More Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole