Iran-backed hacking group Phosphorous or APT35 is using the Log4j vulnerability to distribute a new modular PowerShell toolkit, according to security firm Check Point. APT35 is one of several ...

First detailed in December, the vulnerability (CVE-2021-44228) allows attackers to remotely execute code and gain access to systems that use Log4j, a widely used Java logging library.

The patch from Log4J basically disables the local mechanism and makes it a default configuration, unless people explicitly say we actually want to use that local mechanism.

Who's Using the Log4j Exploit and How? Once the Log4j vulnerability was publicly announced, multiple cyber threat actors immediately began to use it.

“The firewall detected Log4j exploit attempts hitting CCTV cameras that were exposed,” he says. Thankfully, it was a security company scanning for vulnerabilities, and not a malicious attack.

The Log4j exploit, called Log4Shell or CVE-2021-44228 by some, has been in the news this past few weeks. It’s bad! It’s everywhere! But just what is it, really? How did it make its way onto ...

Two MSPs who were not impacted still took the vulnerability as serious as possible, saying you must stay ready and assume the vulnerability is there.

Late Tuesday, Microsoft said in an update to a blog post that state-backed hackers from China, Iran, North Korea and Turkey have tried to exploit the Log4j flaw. Why is this security flaw so bad?

A group of developers and maintainers scrambled to secure the Log4j vulnerability over the weekend, but there is still a lot of work to do to clean up the mess.

A vulnerability in a widely used Apache library has caused Internet-wide chaos—and the trouble may just be starting.