Computer Weekly

Almost half of networks probed for Log4Shell weaknesses

Close to half of corporate networks around the world have now been actively probed by malicious actors trying to find a way to exploit CVE-2021-44228, aka Log4Shell remote code execution (RCE) ...
Threat Post

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily exploited and ...
ZDNet

CISA: Hackers are still using Log4Shell to breach networks, so patch your systems

The flaw in the application-logging component Log4j known as "Log4Shell" should have been patched by organisations months ago, but some systems that haven't been patched with available updates are ...
Bleeping Computer

Hackers start pushing malware in worldwide Log4Shell attacks

Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. In this article, we have compiled the known payloads, ...
VentureBeat

CISA warns that Log4Shell remains a threat

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Last week, the Cybersecurity and Infrastructure Security Agency (CISA) ...
Graham Cluley

Log4Shell: The race is on to fix millions of systems and internet-connected devices

Everyone is talking about Log4Shell, a zero-day remote code execution exploit in versions of log4j, the popular open source Java logging library. In fact, I’ve received so many emails from PR agencies ...
Australian Broadcasting Corporation

Log4shell software flaw threatens millions of servers as hackers scramble to exploit it

A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organisations around the world. The ...
TechSpot

Many Java-based applications and servers vulnerable to new Log4Shell exploit

Why it matters: Earlier this week, developers of the open-source security platform LunaSec discovered a zero-day vulnerability affecting a widely used Java-based logging library. The vulnerability, ...
Computer Weekly

Log4Shell: How friendly hackers rose to the challenge

Imagine the scene: a severe vulnerability emerges that affects organisations worldwide, allowing unauthorised access to highly sensitive data. This scenario happened in late 2021 when a popular open ...
Bleeping Computer

Lazarus hackers target VMware servers with Log4Shell exploits

The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers. The ...
Computing

Apache Commons Text vulnerability not as serious as Log4Shell, researchers say

The newly disclosed RCE bug stems from the insecure implementation of Commons Text's variable interpolation feature, but it is hard to exploit Over the last few days, security researchers have been ...