Threat Post

‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet

The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Jen Easterly, the director of the Cybersecurity and Infrastructure ...
Bleeping Computer

US govt: Iranian hackers breached federal agency using Log4Shell exploit

The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining ...
ZDNet

CISA: Hackers are still using Log4Shell to breach networks, so patch your systems

The flaw in the application-logging component Log4j known as "Log4Shell" should have been patched by organisations months ago, but some systems that haven't been patched with available updates are ...
SDxCentral

Arctic Wolf: Log4Shell Has a Long Tail

The ongoing exploit activities of the Log4Shell vulnerability (CVE-2021-44228) in the popular Apache Log4j open source logging tool remain on a high level one year after it was first disclosed on ...
GIGAZINE

Microsoft announces that the Hacking Group with the support of China, Iran, North Korea and Turkey is exploiting Log4j's zero-day vulnerability 'Log4Shell'

On December 14, 2021, a zero-day vulnerability 'Log4Shell ' that allows Microsoft to execute remote code that existed in Java's Log4j library is used by government-affiliated hacking groups related to ...
Bleeping Computer

Amazon Web Services fixes container escape in Log4Shell hotfix

Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments ...
InfoQ

Java News Roundup: Updates on Log4Shell, Spring Framework 6.0-M1, WildFly 26

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...
Threat Post

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily exploited and ...
techtimes

CISA Issues New Log4Shell Risk Warning, Saying ALL VMWare Systems Unpatched Since 2021 as Compromised

CISA issues a new Log4Shell risk warning since the cybersecurity agency believes many VMWare systems are still vulnerable to this flaw. A participant uses a laptop computer as he takes part in the ...
Computer Weekly

Nightmare Log4Shell scenario averted by prompt, professional action

Mass exploitation of the Log4Shell – CVE-2021-44228 – vulnerability in Apache Log4j, which was first publicised in December 2021, has almost entirely failed to occur, after the prompt actions of ...
ZDNet

JFrog researchers find JNDI vulnerability in H2 database consoles similar to Log4Shell

In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a critical issue with a similar root cause. JFrog explained that the Java Naming and ...