The FBI and CISA say an Iranian-backed threat group hacked a US Federal Civilian Executive Branch and deployed XMRig cryptomining malware via the Log4Shell flaw
Iranian Government-Sponsored APT Actors Compromise Federal Network … Cynthia Brumfield / Metacurity : Iran's Nemesis Kitten Hacked U.S. Merit Systems Protection Board to Implant Crypto Miner Danny Pal...
The CISA and US Coast Guard Cyber Command warn companies of Log4Shell exploits in the wild, citing one incident of threat actors exfiltrating over 130GB of data
The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) …
The immediate threat of attackers mass exploiting Log4Shell was averted because the severity of the bug galvanized digital and security communities into action
Chester Wisniewski / Sophos News :
CISA Director Jen Easterly says the Log4j flaw likely affects hundreds of millions of devices and may be the most serious bug she has seen in her career
A vulnerability in a widely used Apache library … Ncsc-Nl / GitHub : Log4j overview related software Kyle Alspach / VentureBeat : Log4j exploits attempted on 44% of corporate networks; ransomware payl...
CISA orders US federal civilian agencies to patch systems affected by the Log4j vulnerability by December 24
The US Cybersecurity and Infrastructure Security Agency has told federal civilian agencies to patch systems affected by the Log4Shell vulnerability by Christmas Eve. Source: CISA .
Cloudflare and Cisco Talos say Log4j zero-day attacks were first observed on December 1 and 2, ahead of mass exploitation over the weekend
While a public proof-of-concept code was released last Thursday, attacks exploiting the Log4Shell vulnerability started two weeks ago.