Threat Post

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December. No surprise here: The holidays ...
GIGAZINE

Log4j library zero-day vulnerability 'Log4Shell' is attacking vulnerable servers one after another, and you can do whatever you want, such as installing virtual currency miners ...

Log4Shell is a vulnerability found in the feature 'JNDI Lookup' that has been included since version 2.0 beta 9 of Log4j, which dynamically reads a class file from any LDAP server with a specific ...
VentureBeat

CISA warns that Log4Shell remains a threat

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Last week, the Cybersecurity and Infrastructure Security Agency (CISA) ...
Dark Reading

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

Enterprise data lakes are filling up as organizations increasingly embrace artificial intelligence (AI) and machine learning — but unfortunately, these are vulnerable to exploitation via the Java ...
PC Magazine

Hackers Exploit Log4Shell to Infect VMware Horizon Servers

I've been writing about tech, including everything from privacy and security to consumer electronics and startups, since 2011 for a variety of publications.
Bleeping Computer

US govt: Iranian hackers breached federal agency using Log4Shell exploit

The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining ...
TechCrunch

Study: 30% of Log4Shell instances remain unpatched

On December 9, 2021, a critical zero-day vulnerability affecting Apache’s Log4j2 library, a Java-based logging utility, was disclosed to the world and broke the internet. As the third most used ...
Threat Post

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild. Recently reported VMware bugs are being used by hackers who are focused ...
GIGAZINE

An attack that exploits the zero-day vulnerability 'Log4Shell' in the Java library that shakes the world has already started before it was discovered.

A proof-of-concept code for the zero-day vulnerability ' Log4Shell ( CVE-2021-44228) ' in Java's log output library, Apache Log4j, was released on December 10, 2021 Japan time. There are various ...
PC Magazine

Hackers Exploit Log4Shell to Infect VMware Horizon Servers

Huntress reports that attackers have started to exploit the Log4Shell vulnerabilities revealed in December 2021 on servers running VMware Horizon to deploy Cobalt Strike. Log4Shell refers to several ...
Infosecurity-magazine.com

Exploit Activity Surges 150% in Q2 Thanks to Log4Shell

Detections of malware events, botnet activity and exploits all increased significantly in the second quarter of 2022, according to new data from Nuspire. The managed security services provider (MSSP) ...