Security news aggregator

Latest coverage for Log4Shell

Log4Shell is a critical flaw in Apache Log4j that can let attackers execute code remotely in Java applications using the library.

1 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Log4Shell is a remote-code-execution vulnerability in Apache Log4j, a Java library used to record application events. Identified as CVE-2021-44228, it can be triggered when an affected Log4j version processes attacker-controlled text containing a specially crafted lookup. In vulnerable configurations, that lookup can cause the application to contact an attacker-controlled service and load code, potentially giving the attacker control of the host. Exploitation is not automatic in every deployment, but the library’s widespread use made the vulnerability significant.

Security teams must account for Log4j bundled inside applications and other dependencies, not only software they installed directly. Vulnerability management therefore requires dependency inventory, version verification, and upgrading or otherwise mitigating affected installations according to Apache’s guidance. Teams should also review application and network logs for exploitation attempts, restrict unnecessary outbound connections, and investigate systems that may have processed malicious lookups. If compromise is suspected, response may require isolating the host and rotating credentials or secrets accessible to the affected process.

Showing 1 most recent headlines Filtered view

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.  According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server