Log4Shell Archives - Cyber Security Minute

Iranian Government Hackers Exploit Log4Shell in SysAid Apps for Initial Access

Issued by: Security Week

The Log4Shell vulnerability affecting the Apache Log4j logging utility came to light in December 2021. The flaw, identified as CVE-2021-44228, can be exploited for remote code execution and it has been leveraged by both profit-driven cybercriminals and state-sponsored cyberspies. Log4Shell impacts the products of several major companies that use Log4j, but in many attacks the…

Software Security

Scribe Integrity helps developers authenticate open-source and proprietary source code

Issued by: Help Net Security

Scribe Security released Scribe Integrity, a code integrity validator that authenticates open-source and proprietary source code, and an integral building block of its platform solving the software supply chain security challenge. Scribe Integrity provides developers with an added layer of visibility, allowing developers peace of mind that the code they are using is safe. Scribe…

Vulnerabilities

Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware

Issued by: Trend Micro Blog

Trend Micro Research recently analyzed several cases of a Log4Shell vulnerability being exploited in certain versions of the software VMware Horizon. After investigating the chain of events, we found that many of these attacks resulted in data being exfiltrated from the infected systems. However, we also found that some of the victims were infected with…

Vulnerabilities

Serious Vulnerabilities Found in AWS’s Log4Shell Hot Patches

Issued by: Security Week

Apache Log4j vulnerabilities disclosed in December 2021, including the one tracked as Log4Shell, can allow attackers to remotely execute arbitrary code and take control of vulnerable systems. In response to these flaws, AWS released multiple hot patches – each suitable for a different environment, including servers, Kubernetes, Elastic Container Service (ECS) and Fargate – that…

Vulnerabilities

Log4j: Getting From Stopgap Remedies to Long-Term Solutions

Issued by: Dark Reading

While the worst of Log4Shell may be behind us and much work remains, let’s say “Well done” to the security engineers and managers who labored in the trenches in recent weeks. But if you thought the Log4j vulnerability was last year’s problem, think again. In 2022, this vulnerability will require care and attention to fully…

Vulnerabilities

Chinese Spies Exploit Log4Shell to Hack Major Academic Institution

Issued by: Security Week

Tracked as CVE 2021-44228 and also referred to as Log4Shell and LogJam, the security hole affects the Apache Log4j Java logging framework and has been exploited in targeted attacks since early December. As part of a recent campaign, the OverWatch security researchers observed Aquatic Panda leveraging a modified version of the Log4j exploit for initial…

Vulnerabilities

Log4Shell is a dumpster fire that should have been avoided

Issued by: Help Net Security

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every cybersecurity professional in the world. That all changed when the Apache Log4j project announced CVE-2021-44228 (aka Log4Shell) – a zero-day vulnerability in Log4j’s standardized method of handling log files…