Log4j Archives - Page 2 of 3 - Security Affairs

Pierluigi Paganini December 29, 2021

Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

The Apache Software Foundation released Log4j 2.17.1 version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The Apache Software Foundation released Log4j 2.17.1 version to address a recently discovered arbitrary code execution flaw, tracked as CVE-2021-44832, affecting Log4j 2.17.0. CVE-2021-44832 is the fifth vulnerability discovered in the popular library in the last […]

Pierluigi Paganini December 27, 2021

Experts monitor ongoing attacks using exploits for Log4j library flaws

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures. The vulnerabilities can allow threat actors to execute arbitrary code on the target systems, […]

Pierluigi Paganini December 24, 2021

NVIDIA informs customers of its products affected by Log4j flaws

NVIDIA released a security advisory to inform customers what products are affected by the recently disclosed Log4Shell vulnerability. NVIDIA has assessed its products to determine if they are vulnerable to the Log4shell vulnerability in Log4J library. The company states that the following products are not impacted by the Log4j vulnerabilities: GeForce Experience client software GeForceNOW […]

Pierluigi Paganini December 23, 2021

HackDHS bug bounty program accepts reports of Log4j-related flaws in DHS systems

The DHS has announced that it is expanding the ‘Hack DHS’ bug bounty program to report for Log4J impacting its systems. The Department of Homeland Security (DHS) announced that white hat hackers can now report the impact of the Log4J on its systems as part of the ‘Hack DHS‘ bug bounty program. Below is the […]

Pierluigi Paganini December 22, 2021

CISA releases a scanner to identify web services affected by Apache Log4j flaws

US CISA release of a scanner for identifying web services affected by two Apache Log4j remote code execution vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. “This repository provides a scanning solution […]

Pierluigi Paganini December 21, 2021

More than 35,000 Java packages impacted by Log4j flaw, Google warns

Google found more than 35,000 Java packages in the Maven Central repository that are impacted by flaws in the Apache Log4j library. The Google Open Source Team scanned the Maven Central Java package repository and found that 35,863 packages (8% of the total) were using versions of the Apache Log4j library vulnerable to Log4Shell exploit and […]

Pierluigi Paganini December 21, 2021

Log4j Vulnerability Aftermath

Uptycs researchers have observed attacks related to miners, DDOS malware and some variants of ransomware actively leveraging LogforShell flaw in log4j. Last week the Log4j vulnerability turned the internet upside down. The impact of the vulnerability is massive and attackers have started taking advantage of the flaw. So far we have observed attacks related to […]

Pierluigi Paganini December 20, 2021

A new attack vector exploits the Log4Shell vulnerability on servers locally

Security researchers devised a new attack vector exploiting the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. Researchers from cybersecurity firm Blumira devised a new attack vector that relies on a Javascript WebSocket connection to exploit the Log4Shell vulnerability on internal and locally exposed unpatched Log4j applications. Experts pointed out that this […]

Pierluigi Paganini December 19, 2021

TellYouThePass ransomware resurges and exploits Log4Shell in recent attacks

The TellYouThePass ransomware resurged and exploits the Apache Log4j flaw (Log4Shell) to target both Linux and Windows systems. Researchers from KnownSec 404 Team and Sangfor Threat Intelligence Team reported that the TellYouThePass ransomware resurged and is exploiting the Apache Log4j CVE-2021-44228 flaw to target both Linux and Windows systems. “On December 13, Sangfor’s terminal security […]

Pierluigi Paganini December 18, 2021

Apache releases the third patch to address a new Log4j flaw

Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. 2.17 is the third fix issued in a week. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046, disclosed in the Log4j library a third security vulnerability made the headlines. […]

Log4j

Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

Experts monitor ongoing attacks using exploits for Log4j library flaws

NVIDIA informs customers of its products affected by Log4j flaws

HackDHS bug bounty program accepts reports of Log4j-related flaws in DHS systems

CISA releases a scanner to identify web services affected by Apache Log4j flaws

More than 35,000 Java packages impacted by Log4j flaw, Google warns

Log4j Vulnerability Aftermath

A new attack vector exploits the Log4Shell vulnerability on servers locally

TellYouThePass ransomware resurges and exploits Log4Shell in recent attacks

Apache releases the third patch to address a new Log4j flaw

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

Marquis data breach impacted more than 780,000 individuals

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

QUICK LINKS

Log4j

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!