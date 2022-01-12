Since the Log4Shell attack targeting a log4j vulnerability was first uncovered towards the end of last year it's posed a threat to web servers worldwide. It's a tricky problem to address because doing so means updating software dependencies. Meanwhile attackers are seeking to inject text into log messages or log message parameters, then into server logs which can then load code from a remote server for malicious use, using obfuscation techniques to hide from security software. A new open source tool from Oxeye is set to help in the fight against Log4Shell by uncovering hidden payloads that are actively being… [Continue Reading]