Log4Shell

Logz.io Security Update: Log4j / Log4Shell Vulnerability Response

Feb 6, 2022 by iHash Leave a Comment

On December 9, a severe remote code vulnerability was revealed in Apache’s Log4J library, a Java-based logging tool widely used in applications around the world. This vulnerability allows an attacker who can control log messages to execute arbitrary code loaded from attacker-controlled servers – impacting a broad range of services and applications.Logz.io has been aware of the … [Read more...] about Logz.io Security Update: Log4j / Log4Shell Vulnerability Response

Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

Jan 23, 2022 by iHash Leave a Comment

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input … [Read more...] about Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

Investigate Log4Shell exploits with Elastic Security and Observability

Jan 16, 2022 by iHash Leave a Comment

OverviewFollowing the discovery of Log4Shell, a vulnerability in Log4J2, Elastic released a blog post describing how users of our platform can leverage Elastic Security to help defend their networks. We also released an advisory detailing how Elastic products and users are impacted.In this blog, we expand on these initial posts and highlight how the combination of security and … [Read more...] about Investigate Log4Shell exploits with Elastic Security and Observability

Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

Dec 30, 2021 by iHash Leave a Comment

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately … [Read more...] about Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

AQUATIC PANDA in Possession of Log4Shell Exploit Tools

Dec 29, 2021 by iHash Leave a Comment

Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE 2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty. To OverWatch, Log4Shell is simply the latest vulnerability to exploit — a new access vector among a sea of many others. Adversarial behavior … [Read more...] about AQUATIC PANDA in Possession of Log4Shell Exploit Tools

How to Baseline and Hunt Log4Shell with the Falcon Platform

Dec 23, 2021 by iHash Leave a Comment

Note: This post first appeared in r/CrowdStrike. First and foremost: if you’re reading this post, I hope you’re doing well and have been able to achieve some semblance of balance between life and work. It has been, I think we can all agree, a wild December in cybersecurity (again). At this time, it’s very likely that you and your team are in the throes of hunting, assessing … [Read more...] about How to Baseline and Hunt Log4Shell with the Falcon Platform

How CrowdStrike Protects Customers from Log4Shell Threats

Dec 15, 2021 by iHash Leave a Comment

Log4Shell, the latest critical vulnerability, found in the Log4j2 Apache Logging Services library, poses a serious threat to organizations Active attempts to exploit the vulnerability were identified in the wild, currently making it the most severe threat CrowdStrike utilizes indicators of attack (IOAs) and machine learning to protect our customers CrowdStrike continues to … [Read more...] about How CrowdStrike Protects Customers from Log4Shell Threats

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack

Dec 13, 2021 by iHash Leave a Comment

Threat actors are actively weaponizing unpatched servers affected by the newly identified "Log4Shell" vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. Netlab, the networking security division of Chinese tech giant Qihoo … [Read more...] about Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack

Log4Shell: critical vulnerability in Apache Log4j

Dec 12, 2021 by iHash Leave a Comment

Various information security news outlets reported on the discovery of critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). Millions of Java applications use this library to log error messages. To make matters worse, attackers are already actively exploiting this vulnerability. For this reason, the Apache Foundation recommends … [Read more...] about Log4Shell: critical vulnerability in Apache Log4j

AdGuard VPN + Ad Blocker Family Security Suite for $49

Microsoft Office 2024 Home for Mac or PC: One-Time Purchase for $119

ASUS 14" Chromebook C424 (2021) Intel N4020 4GB RAM 128GB eMMC (Refurbished) for $174

Lenovo IdeaPad 5, 14" Touchscreen 2-in-1 Laptop (2024) AMD Ryzen 7, 16GB RAM 1TB SSD Windows 11 Home Cosmic Blue (Refurbished) for $649

Stacks Be Productive Plan: Lifetime Subscription for $29