ZDNet

Log4j flaw attack levels remain high, Microsoft warns

Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December.
ZDNet

Log4j flaw hunt shows how complicated the software supply chain really is

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...
Bleeping Computer

Log4j vulnerability now used to install Dridex banking malware

Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking ...
CSOonline

4 ways to properly mitigate the Log4j vulnerabilities (and 4 to skip)

A sure-fire way to prevent exploitation of Log4j vulnerabilities has yet to appear, but these actions are your best bet for reducing risk. The IT security community has been hard at work for the past ...
CRN

Conti Ransomware Hitting VMware vCenter With Log4j Exploit

‘[The] Log4j2 vulnerability appears … for Conti at the moment when the syndicate has both the strategic intention and the capability to weaponize it for its ransomware goals,’ says AdvIntel in a ...