Posts by boB Rudis

14 min Log4Shell

The Everyperson’s Guide to Log4Shell (CVE-2021-44228)

This blog is for everyone who wants to understand what’s going on with the Log4Shell vulnerability in Log4j and why the internet seems to be on fire again.

15 min Emergent Threat Response

Widespread Exploitation of Critical Remote Code Execution in Apache Log4j

On December 10, 2021, Apache released version 2.15.0 of their Log4j framework, which included a fix for CVE-2021-44228, a critical RCE vulnerability that is being exploited in the wild.

4 min Ransomware

3 Strategies That Are More Productive Than Hack Back

Hack back, as used by non-government entities, is problematic for many reasons. Here are 3 alternative strategies to thwart the attackers.

4 min 2022 Planning

2022 Planning: Prioritizing Defense and Mitigation Through Left of Boom

In this post, we'll use ransomware as an example for 3 areas where you can apply a left-of-boom approach in your defenses in the coming year.

4 min Emergent Threat Response

Trojan Source CVE-2021-42572: No Panic Necessary

What is this thing? Researchers at the University of Cambridge and the University of Edinburgh recently published a paper [https://www.trojansource.codes/trojan-source.pdf] on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different languages—to trick compilers into emitting binaries that do not actually match the logic visible in source code. In other words, what a developer or secu

4 min 2022 Planning

2022 Planning: Straight Talk on Zero Trust

What does zero trust really mean, and how can you assess if it has a practical place in your organization's cybersecurity strategy for 2022?

8 min Ransomware

The Rise of Disruptive Ransomware Attacks: A Call To Action

Ransomware attacks are on the rise. In this post, we examine the dynamics of this trend and where it might be headed.

4 min Emergent Threat Response

Managed Service Providers Used in Coordinated, Mass Ransomware Attack Impacting Hundreds of Companies

Rapid7 is aware of and tracking all information surrounding a coordinated, mass ransomware attack that appears to be targeting Kaseya VSA patch management and monitoring software.

2 min Emergent Threat Response

ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know

On June 29, 2021, researcher Michael Stepankin (@artsploit) posted details of a pre-auth remote code execution (RCE) vulnerability, CVE-2021-35464, in ForgeRock Access Manager identity and access management software that front-ends web applications and remote access solutions in many enterprises.

2 min Emergent Threat Response

SolarWinds Patches Four New Vulnerabilities in Their Orion Platform

SolarWinds released fixes for 4 new vulnerabilities in their Orion platform, the most severe of which is an authenticated RCE flaw due to a JSON deserialization weakness.

5 min News

F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems

On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."

3 min News

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations.

2 min News

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.

2 min News

Cisco Patches Recently Disclosed "sudo" Vulnerability (CVE-2021-3156) in Multiple Products

Cisco has released security updates to address vulnerabilities in most of their product portfolio.

3 min News

SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know

2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software.