Dark Reading

One Year After Log4Shell, Most Firms Are Still Exposed to Attack

The Log4j vulnerability continues to present a major threat to enterprise organizations one year after the Apache Software Foundation disclosed it last November — even though the number of publicly ...
Nasdaq

Media Alert: Qualys Offers Free Access to Its Web Application Scanning App to Help Organizations Quickly Find Log4Shell Vulnerabilities

FOSTER CITY, Calif., Dec. 17, 2021 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it is ...
Threat Post

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers. The Cybersecurity and Infrastructure Security Agency (CISA) and Coast Guard Cyber ...
ZDNet

These hackers used Log4Shell vulnerability to target US energy firms

State-backed hackers behind the infamous crypto-stealing group Lazarus are now using the Log4Shell flaw to breach energy firms in North America and Japan for purposes of espionage. Cisco's Talos ...
ZDNet

CISA: Hackers are still using Log4Shell to breach networks, so patch your systems

The flaw in the application-logging component Log4j known as "Log4Shell" should have been patched by organisations months ago, but some systems that haven't been patched with available updates are ...
Bleeping Computer

NHS warns of hackers exploiting Log4Shell in VMware Horizon

UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits. Log4Shell is an exploit for ...
Bleeping Computer

Hackers start pushing malware in worldwide Log4Shell attacks

Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. In this article, we have compiled the known payloads, ...
Dark Reading

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

Enterprise data lakes are filling up as organizations increasingly embrace artificial intelligence (AI) and machine learning — but unfortunately, these are vulnerable to exploitation via the Java ...