Other cyber security stories have really overtaken the log4j/log4shell issue, but it is still out there and sometimes, because developers are so dependent on the framework, patches lead to more issues. Here is an example where even the biggest organisations have problems: Amazon Web Services Log4j patches blew holes in …
The log4j threat has not gone away
Here is an attack in the world targeting machines with malicious rootkits. Even though their code is poor, it is still an issue. Linux botnet exploits Log4j flaw to hijack Arm, x86 systems • The Register Log4j at Smart Thinking Solutions
log4j Timeline to date
Here is an interesting follow-up story on SANS Internet Storm Diary looking at the impact of the log4j issues and some of the exploits used. The Rise and Fall of log4shell – SANS Internet Storm Centre
Log4j exploits and behind the scenes with the Apache patching team
Here is an interesting article from the team at Apache dealing with patching the Log4j problem: The Apache Log4j team talks about the Log4Shell patching process – The Record by Recorded Future But the exploits in the wild are still happening: Threat actor target Ubiquiti network appliances using Log4Shell exploits …
Continue reading “Log4j exploits and behind the scenes with the Apache patching team”
When you have found a “good” thing, why stop?
The log4j vulnerability and it’s associated attack vectors was always going to be major cybersecurity crisis – and of course once the bad actors knew about it they would expand their exploitation. This article on the SANS internet shows how initial attempts to mitigate the log4j issue are now being …
Continue reading “When you have found a “good” thing, why stop?”