Oracle Critical Patch Update for July 2022
Oracle has released its Critical Patch Update for July 2022 to include 349 vulnerability fixes across multiple products. The updates also include fixes for Log4j and Spring Framework vulnerabilities.
Log4j
Cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems (updated)
The Cybersecurity and Infrastructure Security Agency (CISA)Â warns cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems.
Millions of Java apps still vulnerable to Log4Shell
Researchers have found millions of Java applications still vulnerable in the wild to the infamous Log4Shell vulnerability CVE-2021-44228, more than four months after the severe flaw was discovered.
Deep Panda APT group launches new attacks against Log4Shell vulnerability to install Fire Chili rootkits
In the past month, researchers from FortiLabs have detected a new cyber campaign involving Chinese Advanced Persistent Threat (APT) group Deep Panda that has exploited the Log4Shell (log4j) vulnerability CVE-2021-44228 on vulnerable VMware Horizon servers to install digitally signed Fire Chili rootkits.
SAP March 2022 Security Patch Day addresses 2 new Critical vulnerabilities
Software giant SAP has released March 2022 Security Patch Day that includes 12 separate security advisories and patches, to include 1 Critical log4j vulnerability.
SAP February 2022 Security Patch Day addresses Critical log4j and ICMAD vulnerabilities
Software giant SAP has released February 2022 Security Patch Day that includes 19 separate security advisories and patches, to include fixes for critical log4j and ICMAD vulnerabilities.
SAP January 2022 Security Patch Day addresses Critical and High risk vulnerabilities
Software giant SAP has released January 2022 Security Patch Day that includes nine separate security advisories and patches, three of those were updates to previously released patches from December.
Threat hunters discover Aquatic Panda Log4Shell exploit attempts
Threat hunters from CrowdStrike have discovered Aquatic Panda cyber gang using Log4Shell exploit tools in recent intrusion attempts against a customer.
Apache releases security update for another Log4j RCE vulnerability (CVE-2021-44832)
The Apache Software Foundation has released a new security update to address another Log4j vulnerability (CVE-2021-44832) where Log4j2 is vulnerable to remote code execution (RCE) via JDBC Appender when an attacker controls a configuration file.
Apache releases new Log4k security update to fix another RCE vulnerability (CVE-2021-45046)
As affected organizations and vendors continue to identify products affected by Log4Shell remote code execution (RCE) Log4j vulnerability, Apache has released additional Log4j security updates to fix another RCE vulnerability (CVE-2021-45046).