Threat Post

‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet

The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Jen Easterly, the director of the Cybersecurity and Infrastructure ...
BGR

Internet Is Scrambling To Fix Log4Shell, The Worst Hack In History

Massive data breaches have become so common that we've gotten numb to reports detailing another hack or 0-day exploit. That doesn't reduce the risk of such events happening, as the cat-and-mouse game ...
Threat Post

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers. The Cybersecurity and Infrastructure Security Agency (CISA) and Coast Guard Cyber ...
IT News For Australia Business

When AWS fixed Log4Shell, it created new vulnerabilities

Within days of the discovery of the Log4Shell vulnerability last December, AWS shipped hotpatches for the bug – and in doing so, created a new set of serious security holes. This week, researchers ...
Bleeping Computer

CISA: Log4Shell exploits still being used to hack VMware servers

CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote ...
CSOonline

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk. Researchers have warned ...
ZDNet

Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit

Deep Panda has launched new attacks this month that exploit Log4Shell to deploy the new Fire Chili rootkit. Deep Panda is a Chinese advanced persistent threat (APT) hacking group that has been active ...