ITWire

Logjam: Log4j exploit attempts continue in globally distributed scans, attacks

**COMPANY NEWS:** Since the first vulnerability in the Apache Foundation’s Log4j logging tool was revealed on 10 December, three sets of fixes to the Java library have been released as additional ...
Threat Post

Log4j Exploit: Lessons Learned and Risk Reduction Best Practices

On-demand Event: Watch NOW to learn why the Log4j vulnerability is so severe and easy steps you can take to mitigate your risk. On-demand Event: Watch NOW to learn why the Log4j vulnerability remains ...
Dark Reading

'Proxyjacking' Cybercriminals Exploit Log4j in Emerging, Lucrative Cloud Attacks

Threat actors have found a lucrative new attack vector that hijacks legitimate proxyware services, which allow people to sell portions of their Internet bandwidth to third parties. In large-scale ...
JD Supra

Log4j is a Critical Threat

Takeaway: Log4j, also known as the Log4Shell vulnerability, is a critical threat, and no organization should assume it is safe. Determining exposure to Log4j, and fixing vulnerabilities, should be a ...
Bleeping Computer

New Linux botnet exploits Log4J, uses DNS tunneling for comms

A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, installing rootkits, creating reverse shells ...
ZDNet

Within hours of the Log4j flaw being revealed, these hackers were using it

A prolific and likely state-backed hacking group repeatedly targeted several US state governments by using software vulnerabilities in web applications and then later scanning for Log4j ...
JD Supra

Log4J - Who does it impact?

Takeaway: Organizations of all types and sizes should actively manage exposure to loss due to the Log4j vulnerability. Doing so will not be easy. The Log4j program is present in so many applications ...
Dark Reading

One Year After Log4Shell, Most Firms Are Still Exposed to Attack

The Log4j vulnerability continues to present a major threat to enterprise organizations one year after the Apache Software Foundation disclosed it last November — even though the number of publicly ...
TechRepublic

Cyber Safety Review Board classifies Log4j as ‘endemic vulnerability’

CSRB has released a report saying that the Log4j exploit is here to stay long-term, meaning businesses should be ready in case of a cyber attack. The Cyber Safety Review Board (CSRB) recently labeled ...
Hosted on MSN

Apache Log4j - The Exploit That Nearly Brought Down the Internet

A single flaw in Apache Log4j spiraled into one of the most dangerous exploits ever found. Experts warned it could have taken down the entire internet. White House responds to Trump-Putin documents ...
Infosecurity-magazine.com

RSAC: Log4J Still Among Top Exploited Vulnerabilities, Cato Finds

Three years after its discovery, the Log4J vulnerability (CVE-2021-44228) exploit remains one of the most attempted exploits observed by cloud security provider Cato Networks. Cato Cyber Threat ...