Graham Cluley

Log4Shell: The race is on to fix millions of systems and internet-connected devices

Everyone is talking about Log4Shell, a zero-day remote code execution exploit in versions of log4j, the popular open source Java logging library. In fact, I’ve received so many emails from PR agencies ...
techtimes

Log4Shell Exploit Could Take Months or Years to Solve Because of its Ubuquity, Cybersecurity Experts Say

The existence of the Log4j flaw will continue to haunt internet users for months if not years, according to cybersecurity experts. Sigmund from Unsplash The most recent attacks alerted the security ...
techtimes

Lazarus Group Still Exploits Log4Shell: What Are Andariel's Recent Cyberattacks?

North Korean hackers remain relentless in exploiting the Log4Shell vulnerability worldwide. Recent reports reveal that these hackers, operating under the guise of "Andariel" within the Lazarus ...
Threat Post

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December. No surprise here: The holidays ...
Bleeping Computer

Log4shell exploits now used mostly for DDoS botnets, cryptominers

The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including recruiting devices into DDoS botnets and for ...
Dark Reading

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

Enterprise data lakes are filling up as organizations increasingly embrace artificial intelligence (AI) and machine learning — but unfortunately, these are vulnerable to exploitation via the Java ...
Computer Weekly

Almost half of networks probed for Log4Shell weaknesses

Close to half of corporate networks around the world have now been actively probed by malicious actors trying to find a way to exploit CVE-2021-44228, aka Log4Shell remote code execution (RCE) ...
ZDNet

Log4j update: Experts say log4shell exploits will persist for 'months if not years'

Steve Povolny, head of advanced threat research for McAfee Enterprise and FireEye, said Log4Shell "now firmly belongs in the same conversation as Shellshock, Heartbleed, and EternalBlue." "Attackers ...
HHS

FritzFrog Botnet Exploits Log4Shell

Delivering more proof that the Log4Shell vulnerability is endemic, Akamai researchers detected botnet malware updated to use the flaw as an infection vector, supplementing its usual remote login brute ...
Homeland Security Today

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced ...
9to5Mac

Apple patches Log4Shell iCloud vulnerability, described as most critical in a decade

Apple has patched the Log4Shell iCloud vulnerability, after it was last week revealed that a security hole in the open-source tool log4j put millions of apps at risk. Cybersecurity experts described ...