JNDI Vulnerability in H2 Database Similar to Log4Shell

JFrog security researchers published a report on Thursday revealing a JNDI vulnerability located in the H2 database console, indicating the same root cause as the well-known Log4Shell bug. They also…

The Log4j flaw is the latest reminder that quick security fixes are easier said than done

Written by AJ Vicens Dec 21, 2021 | CYBERSCOOP Cybersecurity professionals have spent weeks scrambling to address a bug in a widely used software library that could enable hackers to…

MobileIron customers urged to patch systems due to potential Log4j exploitation

Cybersecurity company NCC Group is warning users of MobileIron products to patch their systems since finding exploitations through the Log4j vulnerability.  more coverage NCC Group researchers have so far seen…

NSO zero-click iMessage exploit hacks iPhone without need to click links

The IT security researchers at Google have declared the NSO zero-click iMessage exploit as “Terrifying.” Google Project Zero’s (GPZ) Ian Beer and Samuel Groß have shared details on a new…

Brazil investigates use of staff credentials in cyberattacks against government bodies

Following major cyberattacks against central government bodies in Brazil, initial investigations have found that malicious actors have used civil servant credentials to access systems. The finding is among a series…

The Log4j Vulnerability Is Now Used by State-Backed Hackers

The vulnerability, officially tagged as CVE-2021-44228 and called Log4Shell or LogJam, is an unauthenticated RCE vulnerability that allows total system takeover on systems running Log4j 2.0-beta9 through 2.14.1. What Happened? Nation-state hackers…

Log4j flaw: This new threat is going to affect cybersecurity for a long time

If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described…

Google: This zero-click iPhone attack was incredible and terrifying

Google has explained how surveillance company NSO Group developed an exploit that would allow users of its software to gain access to an iPhone and install spyware – without a…

Relentless Log4j Attacks Include State Actors, Possible Worm

More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell. Call it a “logjam” of threats: Attackers including nation-state actors have already targeted…

Cybersecurity experts debate concern over potential Log4j worm

As the fallout from the Log4j vulnerability continues, cybersecurity experts are debating what the future might hold.  Tom Kellermann, VMware’s head of cybersecurity strategy, said the Log4j vulnerability is one…