Threat Post

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. Cyber criminals, under the moniker Aquatic ...
9to5Mac

iCloud and other services vulnerable to new ‘Log4Shell’ exploit impacting logging systems

A new exploit called “Log4Shell” has been giving security teams at large technology companies a headache. When exploited, the vulnerability lets hackers run malicious code on vulnerable servers, and ...
Ars Technica

Execute shell scripts via Safari (new exploit vector)

Well, here we go boys and girls.<BR><BR>Of course, you're not running as Administrator, so this isn't a problem for you, right? And you were probably smart enough to uncheck the <B>Open "Safe" files ...
GizChina

Log4Shell: This dangerous exploit can affect everything from Apple to Minecraft

For those unaware, Log4j is a popular Java-based logging package. Apache Software Foundation is the developer behind it. It's a CVE-2021-44228 patch that affects all versions of Log4j between version ...
Bleeping Computer

Exploit released for actively abused ProxyNotShell Exchange bug

Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell. Tracked as ...
techtimes

Log4Shell Exploit Could Take Months or Years to Solve Because of its Ubuquity, Cybersecurity Experts Say

The existence of the Log4j flaw will continue to haunt internet users for months if not years, according to cybersecurity experts. Sigmund from Unsplash The most recent attacks alerted the security ...
ZDNet

Java Spring4Shell flaw exploit attempts: These are the industries most affected

The sector most heavily impacted by the Spring4Shell Java flaw is technology, according to security firm Check Point. Spring4Shell is a bug worth paying attention to and could be a software supply ...
https//fedtechmagazine.com

How to Detect and Remove Threatening Web Shells

Tanya Candia is an international management expert, specializing for more than 25 years in information security strategy and communication for public- and private-sector organizations. Stealthy, ...
Dark Reading

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

Enterprise data lakes are filling up as organizations increasingly embrace artificial intelligence (AI) and machine learning — but unfortunately, these are vulnerable to exploitation via the Java ...
HotHardware

Nearly 70K Unpatched Exchange Servers Are Sitting Ducks For ProxyNotShell Exploit

We all like to think our organization's e-mail is secure—secure in the knowledge that your IT administrator is keeping things up to date, safe, and secure. After all, you have to change your password ...
Bleeping Computer

Hackers exploit Control Web Panel flaw to open reverse shells

Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly known as CentOS Web Panel. The security issue is identified ...
HHS

Exploit Attempts Surge for React2Shell

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. See Also: ...