Researchers detected a new sample of FritzFrog malware, that is known for creating significant botnets. The new threat sample includes the functionality to exploit flaws in network assets, including the infamous Log4Shell vulnerability. As it turns out, even 2 years past the discovery and feverish updating, there are quite a few instances vulnerable to such… Continue reading New FritzFrog Botnet Sample Exploits Log4Shell and PwnKit
Tag: Log4Shell
OpenSSL Patches Released and Critical Vulnerability Turns Out to be Not So Critical
At the end of October, OpenSSL developers warned that the upcoming update to version 3.0.7 would close a critical vulnerability. Notably, this would only be the second critical bug in OpenSSL since 2016. Now that OpenSSL 3.0.7 has been officially released, it turned out that fixes were released for two serious vulnerabilities at once, and… Continue reading OpenSSL Patches Released and Critical Vulnerability Turns Out to be Not So Critical
New Vulnerability in Apache Commons Text Is Already Being Attacked by Hackers
According to WordPress security firm Defiant, attempts have already been made to exploit a new vulnerability in Apache Commons Text (CVE-2022-42889). Called Text4Shell and affects versions 1.5 to 1.9 of the library. Some believe that this issue could become the new Log4Shell. The issue scored 9.8 out of 10 on the CVSS vulnerability rating scale.… Continue reading New Vulnerability in Apache Commons Text Is Already Being Attacked by Hackers
Amazon Patch for Log4Shell allowed privilege escalation
Palo Alto Networks warns that a patch released by Amazon to protect AWS from high-profile issues in Apache Log4j, including the Log4Shell vulnerability, poses a threat to users. The patch can be used to escape the container and escalate privileges, allowing an attacker to take control of the underlying host. Let me remind you that… Continue reading Amazon Patch for Log4Shell allowed privilege escalation
Chinese hack group Aquatic Panda exploits Log4Shell to hack educational institutions
Specialists of information security company CrowdStrike warn: the Chinese cyber-espionage hack group Aquatic Panda uses the Log4Shell vulnerabilities, with the help of which a large educational institution was compromised. Let me remind you that the CVE-2021-44228 vulnerability, also called Log4Shell and LogJam, was discovered in the popular Log4j logging library in early December. The researchers… Continue reading Chinese hack group Aquatic Panda exploits Log4Shell to hack educational institutions
Another vulnerability found in Log4j, this time it is a denial of service
Log4Shell, recently discovered in the popular logging library Log4j, which is part of the Apache Logging Project, continues to get worse, as another vulnerability has been found. This time it is time a “denial of service” vulnerability. The problem was originally discovered while catching bugs on Minecraft servers, but the Log4j library is present in… Continue reading Another vulnerability found in Log4j, this time it is a denial of service
Experts are already fixing attacks on the Log4Shell vulnerability
Security researchers are already scanning the network looking for products affected by a dangerous bug in the Log4j library and are fixing the results of cybercriminals’ attacks on a Log4Shell vulnerability. The vulnerability is already being exploited to deploy miners, Cobalt Strike beacons, etc. An issue in the popular Log4j logging library included in the… Continue reading Experts are already fixing attacks on the Log4Shell vulnerability
0-day In Log4j Library Poses A Threat To Many Applications & Servers
The Apache Software Foundation has released an emergency security update that fixes a 0-day vulnerability (CVE-2021-44228) in the popular Log4j logging library, which is part of the Apache Logging Project. The patch was released as part of the 2.15.0 release. The vulnerability was named Log4Shell and scored 10 out of 10 points on the CVSS… Continue reading 0-day In Log4j Library Poses A Threat To Many Applications & Servers