Security News

Recently reported VMware bugs are being used by hackers who are focused on using them to deliver Mirai denial-of-service malware and exploit the Log4Shell vulnerability. Security researchers at Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and CVE-2022-22960, both reported last month.

Survey: Recovery from Log4Shell vulnerability is ongoing with 77% of organizations still in patching mode. In March 2022, Valtix worked with an independent research firm to survey 200 cloud security leaders to understand how the vulnerability has influenced security teams.

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Researchers did a search on the Shodan search engine to see how many apps vulnerable to Log4Shell are exposed to the internet.

Although the public interest and focus of the infosec community have moved to newer vulnerabilities and exploits, Log4Shell continues to be a large-scale problem and a grave security risk. The last time we touched the subject of Log4Shell exploitation was roughly two months ago when a Barracuda report highlighted that it was primarily botnets that leveraged it for DDoS and cryptocurrency mining.

Amazon Web Services has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. The hot patch packages from Amazon are not exclusive to AWS resources and allowed escaping a container in the environment and taking control of the host.

Spring4Shell has dominated the information security news these last six days, but Log4Shell continues to demand attention and action from enterprise defenders as diverse vulnerable applications are being targeted in attacks in the wild. Some attackers are popping them and deploying backdoors, reverse shells and remote monitoring tools, possibly preparing them for future attacks involving ransomware or corporate espionage.

A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data. Cybersecurity firm CrowdStrike, which assigned the panda-themed name to the group all the way back in July 2014, called it "One of the most advanced Chinese nation-state cyber intrusion groups."

A critical security vulnerability has bloomed in the Spring Cloud Function, which could lead to remote code execution and the compromise of an entire internet-connected host. Spring Cloud is an open-source microservices framework: A collection of ready-to-use components which are useful in building distributed applications in an enterprise.

Three months into Log4Shell, the Qualys Cloud Platform suggests that 30% of the Log4j instances still remain unpatched. Qualys research team reveals the current state of Log4Shell.

Log4Shell: Still out there, still dangerous, and how to protect your systems. Here's the strange thing: 83% of the attacks that have tried the exploit Log4Shell originated in the United States.