The FBI, NSA and CISA coauthored a joint Cybersecurity Advisory detailing how People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit common, publicly known vulnerabilities used since 2020 to “actively target U.S. and allied networks.”
The Cybersecurity and Infrastructure Security Agency (CISA)Â warns cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems.
The Cybersecurity Advisory (CSA) published details on the top 15 vulnerabilities most routinely exploited by malicious cyber actors in 2021. Common CVEs include Log4Shell, ProxyLogon, ProxyShell, ZeroLogon and others.
Researchers have found millions of Java applications still vulnerable in the wild to the infamous Log4Shell vulnerability CVE-2021-44228, more than four months after the severe flaw was discovered.
In the past month, researchers from FortiLabs have detected a new cyber campaign involving Chinese Advanced Persistent Threat (APT) group Deep Panda that has exploited the Log4Shell (log4j) vulnerability CVE-2021-44228 on vulnerable VMware Horizon servers to install digitally signed Fire Chili rootkits.
Software giant SAP has released March 2022 Security Patch Day that includes 12 separate security advisories and patches, to include 1 Critical log4j vulnerability.
Software giant SAP has released February 2022 Security Patch Day that includes 19 separate security advisories and patches, to include fixes for critical log4j and ICMAD vulnerabilities.
Software giant SAP has released January 2022 Security Patch Day that includes nine separate security advisories and patches, three of those were updates to previously released patches from December.
Microsoft has released the January 2022 Security Updates that includes patches and advisories for 127 vulnerabilities, 10 of those rated Critical.
Threat hunters from CrowdStrike have discovered Aquatic Panda cyber gang using Log4Shell exploit tools in recent intrusion attempts against a customer.
