Olivia
Online
Richard Ulfvin
@ulfvin
Aloha, I work as a developer for @TrueSec_se in Sweden. I´m a passionate speaker about code.
Stockholm
Joined April 2009
846 Following
261 Followers
769 Posts
@davidfowl Then there is this OSS version of it: https://t.co/J5EBaWbYon
@davidfowl Is this something you been looking at https://t.co/aGZgc60d23 👀
@pry0cc Hm, back in the days you could slice and sand anything via ICMP 🤔
Who to follow
Daniel Ulrichs
@DanielUlrichs
Architect - Identity & Security. Consultant with high focus on Active Directory/Security, Identity and system hardening @ https://t.co/lP8KKKSwup
Hasain Alshakarti
@Alshakarti
Truested Principal Cyber Security Advisor, red & blue teamer IAM & PKI expert, Microsoft MVP and Speaker at @TRUESEC
Simon Wåhlin
@SimonWahlin
Consultant @UnwontedAB, Microsoft Certified Trainer and Microsoft MVP. Azure architect by day, developer by night. #powershell and #bicepLang
@fwikingsson Kan hönor flyga 🤔
Phreaking Sunday with the kids at the museum 🤗
Time to flip year, happy new… ya’ll 💕
@davidfowl My biggest challenge on a daily basis is naming things 😂
👏
I salute the log4j team! They are working really hard fixing people's issues and making us all safer. Unlucky circumstances involved, and bugs happen. But we shall be very grateful for the work they've done the last few days.
Again reiterating that you need to patch regardless of Java versions. The deser vector will apply to many systems, as the history of Jackson and XStream has shown again and again.
Potential mitigation for use of some third party Java apps that bundle log4j:
Add -Dlog4j2.formatMsgNoLookups=true to beginning of jvm args if configurable. While waiting for patches to the app.
In many cases you can set such args (to tweak memory settings etc).
@jbogard Rip them out of the wall, glue them on a picture… and you got yourself a nice “wireframe” 😂
@jsnover ☝️😂…. 😳, yes - me to 👍
A good read:
💡#Truesec #IncidentResponse story from real-life #cyberattack - Supermarket chain #Coop rescued in days after falling victims of the #Kaseya breach, forcing a nationwide lockdown of stores in Sweden.
Here's how➡️ https://t.co/ELjpBtiWc6
#TrueStory #customercase
Finding a good patch policy for npm gets harder every day. Due to malware, quarantining new releases is reasonable. But we must patch known vulns. And vuln feeds miss stuff, so we might not patch important updates then.
Leaving server-side js (node) in a really awkward position.
Be aware my npm friends out there:
🚨ONGOING: we are investigating systems infected with a malicious version of the npm package UAParser.js (7 million weekly downloads).
The hijacked package delivers a malware loader and a cryptominer.
IOCs below:
@fabio_viggiani I first thought you where snatching bootimages somewhere 😂
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers