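This article explains CVSS. CVSS v4.0 was released last autumn, and the version is revised from time to time (roughly once every few years), so this article stays with a general discussion based on CVSS v3.1; a detailed explanation of v4.0 is left to a separate article.| 熱血!ヒートウェー部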
Huntress is monitoring an incident in which VMware Horizon Servers are being hit with Cobalt Strike. Read our up-to-date blog to learn more.| www.huntress.com
ASUS Product Security Advisory| ASUS Global
How to select a secure React Native library for your app. Sort out improper platform usage, easy to misuse API, deprecated and abandoned libraries.| Cossack Labs
CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.| www.fastly.com
One of the useful enhancements coming up in Spring Boot 3.4 is the out-of-the-box support for structured logging with support for Elastic.| Digma
Abstract| superdurszlak - Distributed Systems by Szymon Durak
The hard challenges really took it up a level. My favorite was a .NET web application where I have to crack a licence key. There’s also finding and reversing a backdoored passwd binary, some binary exploitation where I have to crash the server to preserve the flag and read it from the dump, RSA via an image, USB forensics, and exploiting a Minecraft server with Log4Shell.| 0xdf hacks stuff
CISA and its partners issued this guidance to inform organizations about vulnerabilities within the log4j services, websites, applications and products. CISA strongly encourages organizations to take immediate action to protect against exploitation.| Cybersecurity and Infrastructure Security Agency CISA
SUMMARY| Cybersecurity and Infrastructure Security Agency CISA
This month, we continue our Author Spotlight series with an in-depth interview of Loren Kohnfelder—a true icon in the security realm, as well as the author of Designing Secure Software. In the following Q&A, we talk with him about the everlasting usefulness of threat modeling, why APIs are plagued by security issues, the unsolved mysteries of the SolarWinds hack, and what the recent Log4j exploit teaches us about the importance of prioritizing security design reviews.| nostarch.com