News

Latest news on the subject of B2B cyber security >>> PR agencies: Add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Day: Log4j

Log4j: 72 percent of companies at risk
3 January 2023
| No comments
| PR News
Log4j: 72 percent of companies at risk

According to a study gleaned from over 500 million tests, 72 percent of organizations remain at risk from the Log4j vulnerability. The data highlights the problems in fixing security vulnerabilities. When Log4Shell was discovered in December 2021, companies around the world tried to determine their risk. In the weeks after the vulnerability became known, companies reallocated their resources and invested tens of thousands of hours identifying and remediating the problem. One state's federal cabinet reported that its security team spent 33.000 hours just fixing the...

Read more

Threat Report: Log4J vulnerability further exploited
26 December 2022
| No comments
| PR News
Log4j Log4shell

Appearances are deceptive: although the number of cyber attacks is declining, cyber criminals are very active right now. The threat report confirms this. While Log4J is still under active attack, criminal actors are also using malware like Berbew, Neojitt, and FormBook to infiltrate organizations. In mid-December 2021, the BSI issued a red alert for the Log4J (also known as Log4Shell) security vulnerability. Even then, the authority warned that cybercriminals were actively exploiting the vulnerability. These fears are currently coming true, as the current threat report from G DATA CyberDefense shows. Targeted attacks on Log4J vulnerability Instead of new waves of attacks…

Read more

Log4j: Mittelstand continues high risk
10 August 2022
| No comments
| PR News
Log4j Log4shell

The majority of medium-sized companies have not yet got to the bottom of the Log4j or Log4Shell problem. Only 40 percent have addressed the problem. Tenable warns that medium-sized companies still have an immensely large attack surface. As reported by the General Association of the German Insurance Industry (GDV), only 40 percent of medium-sized companies have checked their software to see whether it is affected by the Log4j vulnerability. Even fewer companies (28 percent) stated that they had checked their systems for intruded malware as a result of the vulnerability becoming known in December 2021. "As Log4Shell (CVE-2021-44228) over six...

Read more

Vulnerabilities Spring Cloud, Spring Core, Spring4Shell
12 April 2022
| No comments
| Short news
Tenable news

Tenable explains the new vulnerabilities Spring Cloud, Spring Core - also known as Spring4Shell - which have nothing to do with Log4j or Log4Shell, even if the name suggests it. However, Spring4Shell remains unpatched as of now, making it a zero-day vulnerability. Satnam Narang, Staff Research Engineer, Tenable, discusses the differences between two vulnerabilities that are making the news right now - Spring Cloud and Spring Core (aka Spring4Shell). He also provides a blog with FAQ about Spring4Shell. Spring4Shell has nothing to do with Log4Shell “On 29….

Read more

Log4j-Log4Shell: Attackers use vulnerability for permanent server access
5 April 2022
| No comments
| PR News, Sophos
Log4j Log4shell

SophosLabs researchers discovered three backdoors and four cryptominers targeting unpatched VMware Horizon servers to gain persistent access. Sophos is today releasing its latest research on the Log4j Log4Shell vulnerability. Attackers use these to embed backdoors and script unpatched VMware Horizon Servers. This gives them persistent access to VMware Horizon Server for future ransomware attacks. In the detailed report Horde of Miner Bots and Backdoors Leveraged Log4J to Attack VMware Horizon Servers, Sophos researchers describe the tools and techniques used to compromise servers, as well as three different backdoors and…

Read more

Trending Evil Q1 2022: 30 attack campaigns against the Log4j vulnerability
18 March 2022
| No comments
| Short news

Trending Evil provides insights into the latest threats observed by Mandiant Managed Defense. The Trending Evil Q1 2022 report focuses on the ongoing impact of the Log4j /Log4Shell vulnerability and the proliferation of financially motivated attacks. 30 attack campaigns exploiting the Log4j vulnerability (CVE-2021-44228) are currently under surveillance, including activities by state attacker groups allegedly controlled by China and Iran. During the reporting period, Mandiant Managed Defense detected eleven different malware families used to exploit the Log4j / Log4Shell vulnerability. Trending Evil Q1 2022: The findings at a glance In addition, Managed Defense observed numerous financially…

Read more

Trellix Advanced Threat Research Report January 2022
15 March 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

In our company's first Trellix Advanced Threat Research report, we share the latest findings on Log4j as well as extensive research into ransomware. The Trellix (formerly McAfee Enterprise & FireEye) threat research team presents up-to-date data relevant to protecting your business and data. New Research Data on Log4j Log4j, a new vulnerability affecting a widely used Log4j library, has been released just in time for the holiday season in what is becoming an ominous tradition. What has been described as the most devastating cybersecurity breach in decades called Trellix and the cybersecurity industry to action in the fourth...

Read more

Log4j - Log4Shell Alert - Just an Isolated Case?
14 February 2022
| No comments
| Stories
Log4j - Log4Shell Alert – Just an Isolated Case?

The answer to the question of whether Log4j / Log4Shell was unique is no. Certainly, the impact of the Log4Shell vulnerability was unusual. But RCE vulnerabilities are not uncommon. This was also shown by the attack in spring 2021 by the group known as "Hafnium" on Microsoft Exchange. Software modules, such as the currently affected library, which are used in many applications in parallel and thus offer a wide range of attack points, are also part of everyday IT life. Still – what is special about the Log4j / Log4Shell incident is that all these factors come together. Other weaknesses in everyday IT This at least happens rarely,…

Read more

Study: Attacks on the software supply chain tripled
6 February 2022
| No comments
| PR News
Study: Attacks on the software supply chain tripled

Aqua Security, the leader in cloud-native security, announces the results of the latest Software Supply Chain Security Review study into software supply chain attacks. Over a period of six months, the experts were able to determine that the attacks in 2021 tripled compared to 2020. Cyber ​​criminals target vulnerabilities in the software supply chain to inject malware and backdoors. To do this, they mainly use security gaps in open source software, inject malicious code (“poisoning”) and exploit general problems with the integrity of software code. The Software Supply Chain Security Review study was conducted by Argon…

Read more

Log4j: The attack tsunami was still missing
1 February 2022
| No comments
| PR News, Sophos
Log4j Log4shell

Even if the feared mass exploitation of the Log4j / Log4Shell vulnerability has not yet taken place, the bug will be a target for attacks for years to come, according to Chester Wisniewski, Principal Research Scientist at Sophos. So far there has been no big Log4j / Log4Shell earthquake - a forensic status finding. The expert teams at Sophos have forensically analyzed the events surrounding the Log4Shell vulnerability since it was discovered in December 2021 and made an initial assessment - including a future forecast by Principal Research Scientist Chester Wisniewski and various graphics showing the exploitation of the vulnerability. The…

Read more

© 2023 MedPressIT GbR
Cookie Settings