The Record

Log4Shell attacks began two weeks ago, Cisco and Cloudflare say

While a public proof-of-concept code was released last Thursday, attacks exploiting the Log4Shell vulnerability started two weeks ago. The first attacks were observed on December 1 and December 2, ...
Dark Reading

FritzFrog Botnet Exploits Log4Shell on Overlooked Internal Hosts

A new variant of an advanced botnet called "FritzFrog" has been spreading via Log4Shell. It's been more than two years since the critical vulnerability in Log4j was first unleashed unto this earth, ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
SDxCentral

Arctic Wolf: Log4Shell Has a Long Tail

The ongoing exploit activities of the Log4Shell vulnerability (CVE-2021-44228) in the popular Apache Log4j open source logging tool remain on a high level one year after it was first disclosed on ...
CPO Magazine

Despite a Year of Warnings and Patching, Nearly 3 Out of 4 Organizations Still Vulnerable to Log4Shell

A number of security experts have predicted that the Log4Shell vulnerability will haunt organizations for at least a decade, and maybe longer. Those fears look to be well founded as a new report from ...
ZDNet

These hackers used Log4Shell vulnerability to target US energy firms

State-backed hackers behind the infamous crypto-stealing group Lazarus are now using the Log4Shell flaw to breach energy firms in North America and Japan for purposes of espionage. Cisco's Talos ...
CSOonline

CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG

The investigation by the federal agency shows not only the indicators of compromise but also the reasons why the Log4j vulnerability will persist indefinitely. The US Cybersecurity and Infrastructure ...
Virtualization Review

Feds Warn Log4Shell Exploits Still Hitting VMware Horizon, UAG Systems

VMware's many and varied cybersecurity troubles just won't go away. The Cybersecurity and Infrastructure Security Agency (CISA) this week updated last month's advisory about threat actors continuing ...
Computer Weekly

Log4Shell on its way to becoming ‘endemic’

The Log4Shell vulnerability in Apache Log4j, which caused consternation across the technology industry when it surfaced at the end of 2021, will be with us for a long time to come, perhaps as long as ...
VentureBeat

CISA warns that Log4Shell remains a threat

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Last week, the Cybersecurity and Infrastructure Security Agency (CISA) ...
Homeland Security Today

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced ...