Displaying items by tag: crypto mining

Some needs to let Gordan Freeman know that the Xen aliens are attacking Lambda, time to grab a crowbar and go to work. Ok, so there are no invaders from a border dimension coming and the Lambda in question is really Amazon’s Lambda Serverless function in AWS while the threat is a bit of crypto mining malware that appears to have been specifically written for Lambda in Google’s Go.

A shell for me, a shell for you, a shell for everybody in the room. If you have not heard about Log4J and the associated vulnerabilities in versions between 2.0 and 2.16 you might have not been near a computer in quite a while. This Remote Code Execution vulnerability that has several CVEs (common vulnerabilities and exploits) associated with it is commonly lumped into the term Log4Shell. Log4J itself is a Java based Apache logging framework that is in widespread usage in many applications. The list of impacted applications is not, and may never be, known. Many vendors have release complex mitigation steps and patches, but many devices are not getting patched (nothing surprising here). This has allowed this vulnerability to become quickly weaponized and used in targeted attacks.