Nearly 4,000 organizations still vulnerable to Log4Shell
About just over a third of enterprise applications that rely on Log4j libraries are still using a version vulnerable to Log4Shell.
That's according to figures from Veracode. Many companies still have not addressed the Log4j vulnerability in their applications, which has been known for two years,... Read more
Log4Shell in 2023: big impact still reverberates
Log4Shell hit the market hard at the end of 2021. According to a recent story we published, it's still one of the biggest vulnerabilities, 18 months after it initially appeared. How serious is the threat of Log4Shell in 2023?
Log4Shell continues to haunt us. The exploitation of a vulnerability i... Read more
Log4Shell still a big problem after nearly a year and a half
According to Arctic Wolf research, the Log4Shell vulnerability is still being massively abused a year after it was identified.
Arctic Wolf collected data on global threats, malware, digital forensics and incident response (IR) cases. This to determine the key threat trends of 2022. "Arctic Wolf ... Read more
‘One in three Log4j instances remain unpatched despite critical bug’
A third of all Log4j instances remains unpatched more than four months after the discovery of a highly critical vulnerability.
Qualys research shows that about 30 percent of all applications, servers and systems running Log4j are still prone to Log4Shell, the infamous vulnerability. Remote hacke... Read more
New Linux botnet exploits Log4j
The malware uses DNS tunneling for communications
A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, installing rootkits, creating reverse shells, and acting as web traffic proxies.
The ne... Read more
Iranian state hackers attack VMware Horizon servers
The state sponsored TunnelVision group exploits critical Log4j flaw to infect targets with ransomware.
Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said this week.
Security firm Sentin... Read more
SAP patches several critical Log4j vulnerabilities
SAP released patches for a series of vulnerabilities in its software portfolio. Multiple critical Log4j vulnerabilities were resolved.
Most of the vulnerabilities were discovered by security specialist Onapsis. Onapsis found so-called ICMAD vulnerabilities that allow attackers to perform various... Read more
‘Log4j in VMware Horizon is being exploited by access brokers’
BlackBerry security researchers conclude that hacking group Prophet Spider is actively exploiting a Log4j vulnerability in unpatched VMware Horizon servers.
In December 2021, VMware published a patch to fix a Log4j vulnerability in VMware Horizon. A month later, a UK government security team war... Read more
Log4J hackers continue targeting VMware Horizon servers
VMware is rushing to convince customers to apply the latest security guidance.
According to several cybersecurity companies monitoring the situation, attackers are still targeting VMware Horizon servers through Log4J vulnerabilities.
Two weeks ago, the UK's National Health Service (NHS)... Read more
Microsoft finds a new SolarWinds vulnerability during Log4j research
A Log4j investigation led Microsoft to a new vulnerability related to the infamous SolarWinds attack of 2020.
Microsoft states that the search for various Log4j vulnerabilities yielded a welcome byproduct. During a recent investigation, researchers stumbled upon a previously unknown vulnerabilit... Read more