[Update: CISA issues Log4j vulnerabilities scanner] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend

Credit to Author: Pieter Arntz| Date: Fri, 10 Dec 2021 18:03:28 +0000

A zero-day vulnerability with a CVSS score of 10.0 has been discovered in Apache’s hugely popular Log4j utility.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post [Update: CISA issues Log4j vulnerabilities scanner] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend appeared first on Malwarebytes Labs.

Read more

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Sun, 12 Dec 2021 05:29:03 +0000

Microsoft is tracking threats taking advantage of the CVE-2021-44228 remote code execution (RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using Microsoft security solutions to protect against attacks.

The post Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability appeared first on Microsoft Security Blog.

Read more

[Update: v2.17.0 released] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend

Credit to Author: Pieter Arntz| Date: Fri, 10 Dec 2021 18:03:28 +0000

A zero-day vulnerability with a CVSS score of 10.0 has been discovered in Apache’s hugely popular Log4j utility.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post [Update: v2.17.0 released] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend appeared first on Malwarebytes Labs.

Read more

Log4Shell Response and Mitigation Recommendations

Credit to Author: Mat Gangwer| Date: Sat, 18 Dec 2021 00:20:04 +0000

Summary and Background Log4j is an open-source logging framework developed by the Apache Foundation which is incorporated into many Java-based applications on both servers and end-user systems. Initially released, on December 9, 2021, Log4Shell (the nickname given to this vulnerability) is a pervasive and widespread issue due to the integrated nature of Log4j in many […]

Read more

Inside the code: How the Log4Shell exploit works

Credit to Author: gallagherseanm| Date: Fri, 17 Dec 2021 14:51:25 +0000

The critical vulnerability in Apache’s  Log4j Java-based logging utility (CVE-2021-44248) has been called the “most critical vulnerability of the last decade.”  Also known as Log4Shell, the flaw  has forced the developers of many software products to push out updates or mitigations to customers. And Log4j’s maintainers have published two new versions since the bug was discovered—the second completely eliminating the […]

Read more

CVE-2021-44228: New Apache Log4j ‘Log4Shell’ Zero-Day Being Exploited in the Wild

Credit to Author: Quickheal| Date: Wed, 15 Dec 2021 10:34:59 +0000

A critical zero-day vulnerability (CVE-2021-44228) recently discovered Apache Log4J, the popular java open source logging library used in…

The post CVE-2021-44228: New Apache Log4j ‘Log4Shell’ Zero-Day Being Exploited in the Wild appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Read more

[Updated] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend

Credit to Author: Pieter Arntz| Date: Fri, 10 Dec 2021 18:03:28 +0000

A zero-day vulnerability with a CVSS score of 10.0 has been discovered in Apache’s hugely popular Log4j utility.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post [Updated] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend appeared first on Malwarebytes Labs.

Read more