Chinese hack group Aquatic Panda exploits Log4Shell to hack educational institutions

Specialists of information security company CrowdStrike warn: the Chinese cyber-espionage hack group Aquatic Panda uses the Log4Shell vulnerabilities, with the help of which a large educational institution was compromised. Let me remind you that the CVE-2021-44228 vulnerability, also called Log4Shell and LogJam, was discovered in the popular Log4j logging library in early December. The researchers… Continue reading Chinese hack group Aquatic Panda exploits Log4Shell to hack educational institutions

Apache Log4j Vulnerability explained by Google

Google Java Apache Log4j Vulnerability

On December 17th, 2021 in their blog Google Open Source Insights Team explained the whole situation they observed concerning Apache Log4j Vulnerability. They described the widespread vulnerability and current progress in fixing the open source JVM ecosystem. Also Team shared their thoughts on how long it will possibly take for this vulnerability to be fixed… Continue reading Apache Log4j Vulnerability explained by Google

Log4j vulnerability threatens 35,000 Java packages

Google scanned Maven Central, the largest Java repository to date, and found that the Log4j vulnerability threatened 35,863 Java packages. The packages are vulnerable to either the original Log4Shell exploit (CVE-2021-44228) or the second RCE problem discovered after the patch was released (CVE-2021-45046). This vulnerability has gripped the information security ecosystem since its disclosure on… Continue reading Log4j vulnerability threatens 35,000 Java packages