Talos Takes Ep. #82: Log4j followed us in 2022

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. It’s…

White House hosts open-source software security summit in light of expansive Log4j flaw

Written by Tim Starks Jan 13, 2022 | CYBERSCOOP Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to…

A New PowerShell Backdoor Is Being Used in Log4j Attacks

At the end of 2021 proof-of-concept exploits for a significant zero-day vulnerability discovered in the widely used Apache Log4j Java-based logging library were distributed online, exposing both home users and businesses…

Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns

Written by AJ Vicens Jan 11, 2022 | CYBERSCOOP A China-based ransomware operator has been exploiting a vulnerability in Log4j software to attack internet-facing systems running a popular virtualization service,…

If hackers are exploiting the Log4j flaw, CISA says we might not know yet

Written by Tim Starks Jan 10, 2022 | CYBERSCOOP Federal officials cautioned Monday that, while the widespread Log4j vulnerability hasn’t led to any major known intrusions in the U.S., there…

The US Federal Trade Commission (FTC) Urges Companies to Secure Consumer Data

The Federal Trade Commission is an independent agency of the United States government whose primary objective is to enforce civil antitrust law in the United States and to promote consumer…

Chinese hackers use Log4j exploit to go after academic institution

Written by Tonya Riley Dec 29, 2021 | CYBERSCOOP A Chinese hacking group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large…

The Fifth Log4j Vulnerability Has Been Fixed by Apache

Another Log4j version has been released by Apache dubbed 2.17.1, as prior to yesterday the most recent Log4j version was 2.17.0. This new variant addresses the RCE found in 2.17.0…

The Log4j flaw is the latest reminder that quick security fixes are easier said than done

Written by AJ Vicens Dec 21, 2021 | CYBERSCOOP Cybersecurity professionals have spent weeks scrambling to address a bug in a widely used software library that could enable hackers to…

Intruders leverage Log4j flaw to breach Belgian Defense Department

Written by Tonya Riley Dec 20, 2021 | CYBERSCOOP Parts of the Belgian Defense Ministry’s computer networks have been down since Thursday after a cyber incident in which attackers exploited…