Security News

Log4j: How to protect yourself from this security vulnerability
2021-12-15 19:13

The Log4j security vulnerability known as Log4Shell is shaping up to be one of the worst security flaws of the year, potentially affecting millions of applications and painting a bullseye on unpatched systems that hackers can compromise and control. Revealed last week but reported to Apache in November, Log4Shell is a zero-day vulnerability in the company's Log4J utility, which is used by developers and organizations around the world to log requests and error messages for Java applications.

Log4j vulnerability now used by state-backed hackers, access brokers
2021-12-15 16:09

As expected, nation-state hackers of all kinds have jumped at the opportunity to exploit the recently disclosed critical vulnerability in the Apache Log4j Java-based logging library. Also known as Log4Shell or LogJam, the vulnerability is now being used by threat actors linked to governments in China, Iran, North Korea, and Turkey, as well as access brokers used by ransomware gangs.

Log4j vulnerability: Why your hot take on it is wrong
2021-12-15 09:56

Commentary: Those searching for a single cause for the Log4j vulnerability - whether it's open source is not secure, or open source is not sustainable - are getting it wrong. Open source isn't a security problem, and open source sustainability is a complicated issue.

Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)
2021-12-14 20:21

It's the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability actively exploited to deliver Emotet/Trickbot/Bazaloader malware family. Of the 67 CVE-numbered flaws, CVE-2021-43890 - a Windows AppX Installer spoofing vulnerability - will, understandably, be a patching priority.

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware
2021-12-14 19:12

Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The vulnerability is tracked as CVE-2021-44228 and is also known by the monikers "Log4Shell" or "Logjam." In simple terms, the bug could force an affected system to download malicious software, giving the attackers a digital beachhead on servers located within corporate networks.

On the Log4j Vulnerability
2021-12-14 15:55

It’s serious: The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit...

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack
2021-12-13 06:58

Threat actors are actively weaponizing unpatched servers affected by the newly disclosed "Log4Shell" vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. The latest development comes as it has emerged that the vulnerability has been under attack for at least more than a week prior to its public disclosure on December 10, and companies like Auvik, ConnectWise Manage, and N-able have confirmed their services are impacted, widening the scope of the flaw's reach to more manufacturers.

Researchers release 'vaccine' for critical Log4Shell vulnerability
2021-12-11 01:58

Researchers from cybersecurity firm Cybereason have released a "Vaccine" that can be used to remotely mitigate the critical 'Log4Shell' Apache Log4j code execution vulnerability running rampant through the Internet. Early this morning, researchers released a proof-of-concept exploit for a zero-day remote code execution vulnerability in Apache Log4j tracked as CVE-2021-44228 and dubbed 'Log4Shell'.

Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk
2021-12-10 21:29

The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Log4j is used as a logging package in a variety of different popular software by a number of manufacturers, including Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and video games such as Minecraft.

Next-Gen Maldocs & How to Solve the Human Vulnerability
2021-12-10 19:29

The adversary may set up a "Lookalike" website, masquerading as a page that the user expected and intended to go to, but which instead delivers username and password combos to the threat actor when victims attempt to log in. Let's turn our focus to this file-attachment attack vector - specifically, malicious Microsoft Office documents, which can run code with a macro.