Log4j

Pierluigi Paganini December 12, 2023
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least […]

Pierluigi Paganini November 17, 2022
Iran-linked threat actors compromise US Federal Network

Iran-linked threat actors compromised a Federal Civilian Executive Branch organization using a Log4Shell exploit and installed a cryptomining malware. According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised a Federal Civilian Executive Branch (FCEB) organization using an exploit for the Log4Shell flaw (CVE-2021-44228) and deployed a cryptomining malware. Log4Shell impacts […]

Pierluigi Paganini August 10, 2022
Risky Business: Enterprises Can’t Shake Log4j flaw

70% of Large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. INTRODUCTION In December 2021 security teams scrambled to find Log4j-vulnerable assets and patch them. Eight months later many Global 2000 firms are still fighting to mitigate the digital assets and business risks associated with Log4j. The ease of […]

Pierluigi Paganini May 22, 2022
North Korea-linked Lazarus APT uses Log4J to target VMware servers

North Korea-linked Lazarus APT is exploiting the Log4J remote code execution (RCE) in attacks aimed at VMware Horizon servers. North Korea-linked group Lazarus is exploiting the Log4J RCE vulnerability (CVE-2021-44228) to compromise VMware Horizon servers. Multiple threat actors are exploiting this flaw since January, in January VMware urged customers to patch critical Log4j security vulnerabilities impacting Internet-exposed […]

Pierluigi Paganini February 18, 2022
Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability

Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. TunnelVision’s TTPs overlap with the ones associated with Iran-linked nation-state actors Phosphorus, Charming Kitten […]

Pierluigi Paganini January 22, 2022
Pay attention to Log4j attacks, Dutch National Cybersecurity Centre (NCSC) warns

The Dutch National Cybersecurity Centre (NCSC) warns organizations of risks associated with cyberattacks exploiting the Log4J vulnerability. The Dutch National Cybersecurity Centre (NCSC) warns organizations to remain vigilant on possible attacks exploiting the Log4J vulnerability. According to the Dutch agency, threat actors the NCSC will continue to attempt to exploit the Log4Shell flaw in future […]

Pierluigi Paganini January 20, 2022
Threat actors attempted to exploit SolarWinds Serv-U bug in attacks in the wild, Microsoft warns

Security vendor SolarWinds has fixed a Serv-U vulnerability that threat actors attempted to exploit in attacks in the wild. SolarWinds has addressed a vulnerability in Serv-U products that threat actors are actively exploited in the wild. The company pointed out that all the attack attempts failed. The vulnerability, tracked as CVE-2021-35247, was discovered by Microsoft security […]

Pierluigi Paganini January 05, 2022
FTC warns legal action against businesses who fail to mitigate Log4J attacks

The US Federal Trade Commission (FTC) has warned legal action against companies who fail to secure their infrastructure against Log4Shell attacks. The US Federal Trade Commission (FTC) warns legal action against companies who protect their systems against Log4Shell (CVE-2021-44228) attacks. The move aims at urging organizations in protecting their infrastructure while both nation-state actors and cybercriminals are […]

Pierluigi Paganini December 30, 2021
China-linked APT group Aquatic Panda leverages Log4Shell in recent attack

China-linked APT group Aquatic Panda is exploiting the Log4Shell vulnerability to compromise a large academic institution. China-linked cyberespionage group Aquatic Panda was spotted exploiting the Log4Shell vulnerability (CVE 2021-44228) in an attack aimed at a large academic institution. According to the Crowdstrike OverWatch team, the APT group is using a modified version of the Log4j […]

Pierluigi Paganini December 29, 2021
Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

The Apache Software Foundation released Log4j 2.17.1 version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The Apache Software Foundation released Log4j 2.17.1 version to address a recently discovered arbitrary code execution flaw, tracked as CVE-2021-44832, affecting Log4j 2.17.0. CVE-2021-44832 is the fifth vulnerability discovered in the popular library in the last […]