vulnerability

What is a watering hole attack and how can I defend myself?

Posted by Alexius Dionysius Diakogiannis on in Security

If you have any hunting experience or have been in a beer talk with hunting stories  you probably have came across the term “Watering Hole Attack“. In this attack the hunter is covered near an area with a water hole where animals go in order to drink water, feel safe and usually have their guards down and their instincts more relaxed. So they don’t have to track the prey and attack on the go but wait until it comes to it’s fate on it’s own. Very similar to this approach a hacker targets specific end users by infecting frequently visited websites with malware that spreads to the user’s device.

Continue reading “What is a watering hole attack and how can I defend myself?”

[UPDATE] Log4j RCE 0-day vulnerability (CVE-2021-44228) mitigation actions

Posted by Alexius Dionysius Diakogiannis on in Security 3 Comments
CVE-2021-44228 - Log4j RCE 0-day mitigation

UPDATE 14/12/2021

I had an update from my very good friend and excellent consultant Stella Varvarigou in which she explained me that setting com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase to false does not fully mitigate the threat as it is possible to send the exploit code with the request.  [2]

Introduction

Apache Log4j, the most popular logging system, has announced a zero-day exploit CVE-2021-44228 on December 9, 2021 that results in remote code execution. Let’s analyze whys this happened and what can be done in order to mitigate the risk. Continue reading “[UPDATE] Log4j RCE 0-day vulnerability (CVE-2021-44228) mitigation actions”

Apache Tomcat – Critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617)

Posted by Alexius Dionysius Diakogiannis on in Application Servers, Security

Η ομάδα του Apache Tomcat έχει πρόσφατα επιδιορθώσει πολλές ευπάθειες ασφάλειας. Μια από αυτές θα μπορούσε να επιτρέψει σε έναν μη εξουσιοδοτημένο εισβολέα να εκτελέσει από απόσταση κακόβουλο κώδικα σε επηρεαζόμενους διακομιστές.
Continue reading “Apache Tomcat – Critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617)”