#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Log4j | Breaking Cybersecurity News | The Hacker News

Category — Log4j
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

Dec 11, 2023 Vulnerability / Espionage
The notorious North Korea-linked threat actor known as the  Lazarus Group  has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based malware families, including a RAT called NineRAT that leverages Telegram for command-and-control (C2), DLRAT, and a downloader dubbed BottomLoader. The cybersecurity firm described the latest tactics of the adversary as a definitive shift and that they overlap with the cluster widely tracked as Andariel (aka Onyx Sleet or Silent Chollima), a sub-group within the Lazarus umbrella. "Andariel is typically tasked with initial access, reconnaissance and establishing long term access for espionage in support of the North Korean government's national interests," Talos researchers Jung soo An, As...
Cynet Log4Shell Webinar: A Thorough - And Clear - Explanation

Cynet Log4Shell Webinar: A Thorough - And Clear - Explanation

Feb 04, 2022
Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. No one knows how long the vulnerability existed before it was discovered. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library widely used to log error messages in applications. Beyond patching, it's helpful and instructive for security practitioners to have a deeper understanding of this most recent critical vulnerability. Fortunately, Cynet Senior Security Researcher Igor Lahav is hosting a webinar [ Register here ] to provide "buzzword free" insights into Log4Shell. Based on a webinar preview provided by Cynet, the discussion will cover the software bugs in Apache Log4j that permitted the critical vulnerability, the exploits used to take advantage of the vulnerabilities and the remediation options available to protect your organization. This webinar will help make sense of the so...
Beyond Compliance: The Advantage of Year-Round Network Pen Testing

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

Nov 18, 2024Penetration Testing / Network Security
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here's the thing: hackers don't wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%), according to the Kaseya Cybersecurity Survey Report 2024 . Compliance-focused testing can catch vulnerabilities that exist at the exact time of testing, but it's not enough to stay ahead of attackers in a meaningful way. Why More Frequent Testing Makes Sense When companies test more often, they're not just checking a box for compliance—they're actually protecting their networks. The Kaseya survey also points out that the top drivers for network penetration testing are: Cybersecurity Control and Validation (34%) – ensuring the security controls work and vulnerabilities are minimized. Re...
Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

Jan 20, 2022
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as  CVE-2021-35247  (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation," Microsoft Threat Intelligence Center (MSTIC)  said . The flaw, which was discovered by security researcher Jonathan Bar Or, affects Serv-U versions 15.2.5 and prior, and has been addressed in Serv-U version 15.3. "The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized," SolarWinds  said  in an advisory, adding it "updated the input mechanism to perform additional validation and sanitization." The IT management software maker also pointed out that "no downstre...
cyber security

The AppSec & R&D Playbook: How to Align Security and Innovation

websiteBackslashApplication Security
AppSec vs. R&D? Bridge the gap with clear steps to streamline workflows and foster collaboration.
NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

Jan 08, 2022
The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched  VMware Horizon  servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory InterfaceTM (JNDI) via Log4Shell payloads to call back to malicious infrastructure," the non-departmental public body  said  in an alert. "Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service." The web shell, once deployed, can serve as a conduit to carry out a multitude of post-exploitation activities such as deploying additional malicious software, data exfiltration, or deployment of r...
Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

Dec 30, 2022
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging  critical flaws  in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at an unnamed "large academic institution." The state-sponsored group is believed to have been operating since mid-2020 in pursuit of intelligence collection and industrial espionage, with its attacks primarily directed against companies in the telecommunications, technology, and government sectors. The attempted intrusion exploited the newly discovered  Log4Shell  flaw (CVE-2021-44228, CVSS score: 10.0) to gain access to a vulnerable instance of the  VMware Horizon  desktop and app virtualization product, followed by running a series of malicious commands orches...
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Dec 16, 2021
Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a  second bug  disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to pummel unpatched systems with a variety of malware. The new vulnerability, assigned the identifier  CVE-2021-45046 , makes it possible for adversaries to carry out denial-of-service (DoS) attacks and follows disclosure from the Apache Software Foundation (ASF) that the original fix for the remote code execution bug — CVE-2021-44228 aka Log4Shell — was "incomplete in certain non-default configurations." The issue has since been addressed in Log4j version 2.16.0. "This vulnerability is actively being exploited and anyone using Log4j should update to version 2.16.0 as soon as possible, even if you have previously updated to 2.15.0," Cloudflare's Andre Bluehs and Gabriel ...
Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware

Dec 14, 2021
Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called  Khonsari  as well as a remote access Trojan named  Orcus  by exploiting the recently disclosed critical Log4j vulnerability . The attack leverages the remote code execution (RCE) flaw to download an additional payload, a .NET binary, from a remote server that encrypts all the files with the extension ".khonsari" and displays a ransom note that urges the victims to make a Bitcoin payment in exchange for recovering access to the files. Tracked as CVE-2021-44228 , the RCE vulnerability is also known by the monikers "Log4Shell" or "Logjam" and impacts versions 2.0-beta9 to 2.14.1 of the software library. In simple terms, the bug could force an affected system to download malicious software, giving the attackers a digital beachhead on servers located within corporate networks. Log4j is an op...
Expert Insights / Articles Videos
Cybersecurity Resources