Amazon Patch for Log4Shell allowed privilege escalation

Palo Alto Networks warns that a patch released by Amazon to protect AWS from high-profile issues in Apache Log4j, including the Log4Shell vulnerability, poses a threat to users. The patch can be used to escape the container and escalate privileges, allowing an attacker to take control of the underlying host. Let me remind you that… Continue reading Amazon Patch for Log4Shell allowed privilege escalation

Chinese hack group Aquatic Panda exploits Log4Shell to hack educational institutions

Specialists of information security company CrowdStrike warn: the Chinese cyber-espionage hack group Aquatic Panda uses the Log4Shell vulnerabilities, with the help of which a large educational institution was compromised. Let me remind you that the CVE-2021-44228 vulnerability, also called Log4Shell and LogJam, was discovered in the popular Log4j logging library in early December. The researchers… Continue reading Chinese hack group Aquatic Panda exploits Log4Shell to hack educational institutions

Another vulnerability found in Log4j, this time it is a denial of service

Log4Shell, recently discovered in the popular logging library Log4j, which is part of the Apache Logging Project, continues to get worse, as another vulnerability has been found. This time it is time a “denial of service” vulnerability. The problem was originally discovered while catching bugs on Minecraft servers, but the Log4j library is present in… Continue reading Another vulnerability found in Log4j, this time it is a denial of service

Log4j vulnerability threatens 35,000 Java packages

Google scanned Maven Central, the largest Java repository to date, and found that the Log4j vulnerability threatened 35,863 Java packages. The packages are vulnerable to either the original Log4Shell exploit (CVE-2021-44228) or the second RCE problem discovered after the patch was released (CVE-2021-45046). This vulnerability has gripped the information security ecosystem since its disclosure on… Continue reading Log4j vulnerability threatens 35,000 Java packages

Experts are already fixing attacks on the Log4Shell vulnerability

Security researchers are already scanning the network looking for products affected by a dangerous bug in the Log4j library and are fixing results of cybercriminals’ attacks on a Log4Shell vulnerability. The vulnerability is already being exploited to deploy miners, Cobalt Strike beacons, and so on. An issue in the popular Log4j logging library included in… Continue reading Experts are already fixing attacks on the Log4Shell vulnerability