Apache needed to rush at the start of December 2021 to be prepared to launch spots for Log4Shell when it openly revealed the circumstance on December 9 of in 2015. Because of this, scientists...
An attacker could use this notorious vulnerability (dubbed Log4Shell) to force a victim to download, install and execute externally hosted malicious payloads with relative ease. click here to read full Article Read More on...
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked...
After a while, it finally arrived. The first weekend of real vacation in almost two years. Wine, food, skis in the car, social network notifications muted and out of office activated, what could possibly go wrong?...
Microsoft: China-based ransomware actor exploiting Log4Shell click here to read full Article Read More on latest Security Updates
Public and private organizations alike, including Microsoft and the U.S. Federal Trade Commission (FTC), are alerting organizations against continuous attacks exploiting Log4Shell since December 2021. click here to read full Article Read More on...
Security researchers from JFrog said on Thursday that they discovered a critical JNDI-based vulnerability in the H2 database console exploiting a root cause similar to Log4Shell. click here to read full Article Read more...
CrowdStrike researchers have found Aquatic Panda threat actors who are abusing Log4Shell exploit tools on a vulnerable VMware installation at large academic institutions. The threat group is known for using tools for maintaining persistence...
The security team of the U.K NHS said that it detected an unknown threat actor using the Log4Shell vulnerability to hack VMWare Horizon servers and plant web shells for future attacks. click here to...
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on...
Researchers underlined a surge in attacks from PYSA ransomware. The relatively new ransomware was behind 50% of attacks that occurred in November. Another actor mentioned in the report is Russian-speaking ransomware group Everest that...
As the Apache Log4j vulnerability continues to wreak havoc, Google and Code Intelligence have jumped… Google’s OSS-Fuzz Tool Now Detects “Log4Shell” Via Jazzer on Latest Hacking News. click here to read full Article Read...
The ministry of information technology in China has opted to pull back from its collaboration with Alibaba temporarily. The ministry deals with industry and issues involving IT and has collaborated with Alibaba in the...
The US CISA released an advisory offering vendors and affected organizations a detailed guide on dealing with potential risks to IT and cloud services posed by an exploit in Apache Log4j’s library. click here...
Check Point researchers observed communications between a server used by the Charming Kitten group and targets in Israel. The group is actively taking advantage of a recently disclosed vulnerability in Log4j to carry out attacks....
Researchers from KnownSec and Sangfor reported that the TellYouThePass ransomware resurged and is exploiting the Apache Log4j CVE-2021-44228 flaw to target both Linux and Windows systems. click here to read full Article Read more...
