Search Results: log4shell

Three-quarters of Organizations are Still Vulnerable to Log4Shell

Tenable says organizations still need to be vigilant in remediating Log4Shell nearly a year after the bug's discovery.

November 30, 2022 Zachary Comeau Leave a Comment

New research from vulnerability management software company Tenable finds that nearly three-quarters of organizations remain vulnerable to the Log4Shell vulnerability as of Oct. 1, nearly a full calendar year after the critical bug in the widely used Java logging tool Log4j was discovered. When Log4Shell was discovered in December 2021, Tenable found that one in […]

ProxyShell, Log4Shell Among Most Exploited Security Bugs

New cybersecurity trends report from Palo Alto Networks finds that attackers are quickly exploiting new vulnerabilities.

July 27, 2022 Zachary Comeau Leave a Comment

Updating systems and patching security vulnerabilities has always been a key part of the job for any IT or security professional, but a new report from cybersecurity giant Palo Alto Networks sheds new light on just how quickly threat actors are leveraging new vulnerabilities. The Santa Clara, Calif.-based security software provider’s Unit 42 Incident Response […]

Log4Shell Will Remain an Issue For a Decade

The Log4Shell bug will remain an issue for IT and security teams for possibly a decade or longer, says new Cyber Safety Review Board report.

July 25, 2022 Zachary Comeau Leave a Comment

The critical vulnerability discovered late last year in the popular Java logger Log4j will be impacting IT environments for years due to the difficulty in finding and remediating vulnerable instances of the tool, according to a new report from the U.S. Department of Homeland Security’s Cyber Safety Review Board. The board—established in the wake of […]

Log4Shell Exploitation Continues, Agencies Warn

Multiple hacking groups are leveraging the vulnerability in the ubiquitous Log4J tool six months after it was first discovered, CISA says.

June 24, 2022 Zachary Comeau Leave a Comment

More than six months after the Log4Shell vulnerability was discovered in the widely used Java logger Log4j, cybersecurity agencies are warning of the continued exploitation of the bug in unpatched VMWare Horizon and Unified Access Gateway servers. The U.S. Cybersecurity and Infrastructure Agency (CISA), along with the U.S. Coast Guard Cyber Command (CGCYBER), say malicious […]

Should Log4Shell Still Keep CISOs Up at Night?

Invicti's Dan Murphy explains why CISOs shouldn't be worried about Log4Shell's impact, months after the Log4j threat.

June 7, 2022 Dan Murphy Leave a Comment

In December 2021, the Apache Software Foundation disclosed that the popular Log4j framework contained a critical vulnerability that allowed remote code execution (RCE).  It caused a security earthquake, keeping many CISOs up at night. The aftershocks are still felt. The vulnerability, known as Log4Shell, was extremely easy to exploit. Put simply, it allowed any malicious […]

VMware Horizon Servers Still Under Log4Shell Attacks

Hackers are still using the Log4Shell exploit to attack VMware Horizon servers and deploy cryptominers and backdoors, according to Sophos.

March 29, 2022 Zachary Comeau Leave a Comment

Hackers are continuing to leverage the Log4Shell vulnerability to attack VMware Horizon servers and deploy cryptocurrency mining malware and backdoors, with a large wave of such attacks from mid-January still ongoing, according to cybersecurity firm Sophos. In a new report, Sophos says the attempts to leverage Horizon continued and grew in number throughout January and […]

Data Theorem Releases Critical Insight into Log4Shell Vulnerability to Assist Security Teams in Addressing the Exploit

December 23, 2021 TechDecisions Staff Leave a Comment

Data Theorem Analyzer Engine Discovers Unique Mutation of Log4Shell to Help Research Teams Detect APIs and Servers Vulnerable to Attack PALO ALTO, Calif.–(BUSINESS WIRE)–#AppSec–Data Theorem, Inc., a leading provider of modern application security, today announced it has uncovering specific scenarios that can help IT teams discover the Log4Shell vulnerability exploit and stop it from causing […]

CrowdStrike: VMware ESXi in the RaaS Crosshairs

Cybersecurity researchers are noting an uptick in Ransomware-as-a-Service groups targeting VMware ESXi vSphere hypervisors.

May 15, 2023 Zachary Comeau Leave a Comment

Cyberattacks are continuing to target VMware ESXi vSphere hypervisors, with cybersecurity firm CrowdStrike reporting today that ransomware-as-a-service (RaaS) platforms are increasingly being leveraged to deploy Linux versions of ransomware tools. According to the cybersecurity giant, these tools are specifically designed to affect VMware’s ESXi vSphere hypervisor. The company’s research into these kind of attacks date […]

These Dangerous Vulnerabilities on CISA’s KEV List Are Still Being Widely Exploited

Despite patches being available for most of the bugs in CISA's Known Exploited Vulnerabilities catalog, many devices remain unpatched.

April 3, 2023 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency has been keeping an updated list of Known Exploited Vulnerabilities (KEV) that currently includes more than 900 security bugs, with the goal of helping inform organizations about vulnerabilities that should be prioritized. Despite that awareness campaign and emphasis on vulnerabilities that have been exploited in the wild, new […]

Older, Unpatched Vulnerabilities Are Still Wreaking Havoc

Older vulnerabilities that remain unpatched are still the primary vehicle for cyberattacks, Tenable report finds.

February 28, 2023 Zachary Comeau Leave a Comment

Older vulnerabilities for which patches have already been made available by the vendor are still the primary vehicle for cyberattacks, suggesting that organizations are still behind in practicing good cyber hygiene, according to new data from Tenable. The Columbia, M.D.-based provider of vulnerability management software finds in its 2022 Threat Landscape Report that the number […]