Enlarge (credit: Getty Images) Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday. Security firm SentinelOne has dubbed the group TunnelVision. The name is meant to emphasize TunnelVision’s heavy reliance on tunneling tools and the unique way it deploys them. […]
Tag: log4shell
Patch systems vulnerable to critical Log4j flaws, UK and US officials warn
Enlarge (credit: Getty Images) Criminals are actively exploiting the high-severity Log4Shell vulnerability on servers running VMware Horizon in an attempt to install malware that allows them to gain full control of affected systems, the UK’s publicly funded healthcare system is warning. CVE-2021-44228 is one associated with the most severe vulnerabilities to come to light in […]
As Log4Shell wreaks havoc, payroll service reports ransomware attack
Enlarge (credit: Getty Images) As the world is beset by Log4Shell , arguably the most severe vulnerability ever, one of the biggest payroll processors will be reporting a ransomware attack that has taken its systems offline for at least the next several weeks. The company said on Sunday that services using the Kronos Private Cloud […]
The Log4Shell zeroday 4 days on. What is it and how bad is it really?
Enlarge (credit: Getty Images / Bill Hinton ) Log4Shell is the name given to a critical zeroday vulnerability that surfaced on Thursday when it was exploited in the wild in remote-code compromises against Minecraft servers. The source of the vulnerability was Log4J, the logging utility used by thousands if not millions of apps, including those […]
The Internet’s biggest players are all affected by critical Log4Shell 0-day
Enlarge (credit: Kevin Beaumont ) The list of services with Internet-facing infrastructure that is vulnerable to a critical zero-day vulnerability in the open source Log4j logging utility is immense and reads like a who’s who of the biggest names on the Internet, including Apple, Amazon, Cloudflare, Steam, Tesla, Twitter, and Baidu. The vulnerability, now going […]