‘One in three Log4j instances remain unpatched despite critical bug’
A third of all Log4j instances remains unpatched more than four months after the discovery of a highly critical vulnerability.
Qualys research shows that about 30 percent of all applications, servers and systems running Log4j are still prone to Log4Shell, the infamous vulnerability. Remote hacke... Read more
New Linux botnet exploits Log4j
The malware uses DNS tunneling for communications
A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, installing rootkits, creating reverse shells, and acting as web traffic proxies.
The ne... Read more
Iranian state hackers attack VMware Horizon servers
The state sponsored TunnelVision group exploits critical Log4j flaw to infect targets with ransomware.
Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said this week.
Security firm Sentin... Read more
SAP patches several critical Log4j vulnerabilities
SAP released patches for a series of vulnerabilities in its software portfolio. Multiple critical Log4j vulnerabilities were resolved.
Most of the vulnerabilities were discovered by security specialist Onapsis. Onapsis found so-called ICMAD vulnerabilities that allow attackers to perform various... Read more
‘Log4j in VMware Horizon is being exploited by access brokers’
BlackBerry security researchers conclude that hacking group Prophet Spider is actively exploiting a Log4j vulnerability in unpatched VMware Horizon servers.
In December 2021, VMware published a patch to fix a Log4j vulnerability in VMware Horizon. A month later, a UK government security team war... Read more
Log4J hackers continue targeting VMware Horizon servers
VMware is rushing to convince customers to apply the latest security guidance.
According to several cybersecurity companies monitoring the situation, attackers are still targeting VMware Horizon servers through Log4J vulnerabilities.
Two weeks ago, the UK's National Health Service (NHS)... Read more
Microsoft finds a new SolarWinds vulnerability during Log4j research
A Log4j investigation led Microsoft to a new vulnerability related to the infamous SolarWinds attack of 2020.
Microsoft states that the search for various Log4j vulnerabilities yielded a welcome byproduct. During a recent investigation, researchers stumbled upon a previously unknown vulnerabilit... Read more
Mirantis Secure Registry 3.0 makes repositories more secure and encrypted
Docker's software supply chain becomes more secure by providing a secure container registry to mitigate inherent risks
Mirantis has just launched a new product, Secure Registry 3.0, to deploy and build secure registries across any Kubernetes distribution. The in-built security features let custo... Read more
Google and IBM want worldwide lists of essential open source software
Google and IBM see public-private partnerships as the solution to identifying and securing vulnerable open source software. "Open source software should receive the same funding as bridges and roads", said Kent Walker, Chief Legal Officer at Google.
IBM and Google presented the solution during a... Read more
UK NHS warns of Log4j vulnerability in VMware Horizon
The UK's National Health Service (NHS) has issued a warning stating that hackers are actively exploiting Log4j vulnerabilities in unpatched VMware Horizon servers.
Log4j vulnerabilities are everything but a concern of the past. The problem continues to claim victims. The UK NHS recently issued a... Read more