Apache Log4j

Security

Log4j Saga Continues: Lazarus Hackers Exploit 2-Year-Old Flaw to Deploy New RAT Malware

Security researchers have disclosed that hackers are persistently exploiting the Log4j vulnerability to infiltrate organizations globally. The infamous Lazarus hacking group has recently exploited this flaw to launch a fresh wave of cyberattacks, deploying new remote access Trojans (RATs) coded in the D programming language. What is Log4j? The Log4j vulnerability, also known as Log4Shell,...

LATEST

AWS (Amazon Web Services)

AWS Confirms Log4j Hotpatch Fix Leads to Privilege Escalation

Back in December, Amazon released emergency fixes to address the Log4j vulnerability in JVMs across multiple environments, but it looks like these updates still left some security loopholes. Since Amazon published the fixes, security researchers have discovered that the original hot patch left AWS customers vulnerable to container escape and privilege escalation bugs (via The…

View Article

Apache Releases Log4j Version 2.17.1 to Patch New Remote Code Execution Vulnerability

Last month, a security researcher discovered a new zero-day exploit in the Apache Log4j Java-based logging library that threat actors could abuse to execute malicious code on affected systems. Apache has released a new update (Log4j version 2.17.1) this week that aims to address the remote code execution (RCE) vulnerability in v2.17.0. For those unfamiliar,…

View Article

Patch Tuesday December 2021 – Apache Log4j Panic and Microsoft Plugs Windows AppX Installer Zero Day

This month, a flaw in the Apache Log4j library causes panic, Microsoft patches 67 new CVEs, 7 of which are rated Critical. And Adobe delivers a boat load of patches to finish off the year in style. So, let’s get started! Apache Log4j remote code execution vulnerability Let’s start this month by talking about Log4Shell…

View Article