Threat Post

The Log4j Vulnerability Puts Pressure on the Security World

It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking. It’s not my intention to be alarmist about the Log4j vulnerability ...
Dark Reading

Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

The widespread vulnerability that first appeared in Apache Log4j in 2021 will continue to be exploited, potentially even in worse ways than we've seen to date. The more worrisome aspect of these ...
Threat Post

‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet

The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Jen Easterly, the director of the Cybersecurity and Infrastructure ...
CSOonline

Prioritizing and remediating vulnerabilities in the wake of Log4J and Microsoft’s Patch Tuesday blunder

Vulnerability disclosures often come in bunches, and unvetted patch updates can create their own problems. Here's how to assess and prioritize both. The past few weeks left IT professionals ...
Computer Weekly

Top three questions about the Log4j vulnerability

In December 2021, a vulnerability in the open source Log4J logging service used by developers to monitor their Java applications first came to light, leaving enterprises scrambling to patch affected ...
Diginomica

Is Log4j relevant to ERP managers? Yes, and we should prepare for the next security hack now

When the Log4j vulnerability news first came out, it seemed like a problem for overworked security experts. But as the patching crisis unfolded, many ERP managers spent their holidays on the job ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
Dark Reading

How to Prevent the Next Log4j-Style Zero-Day Vulnerability

Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you'll see thousands of entries. Humanity has put a man on the moon, but we still haven ...
ZDNet

Log4J: Attackers continue targeting VMware Horizon servers

Two weeks ago, the UK's National Health Service (NHS) issued a warning that an 'unknown threat group' is attempting to exploit a Log4j vulnerability (CVE-2021-44228) in VMware Horizon servers to ...
ZDNet

Remote execution holes in Log4j, Exchange and Confluence lead Five Eyes 2021 exploited CVE list

During 2021, the top 15 vulnerabilities that were exploited -- as observed by the US Cybersecurity and Infrastructure Security Agency, US NSA, US FBI, the Australian Cyber Security Centre, the ...
VentureBeat

Spring Core vulnerability doesn’t seem to be Log4Shell all over again

A newly disclosed remote code execution vulnerability in Spring Core, a widely used Java framework, does not appear to represent a Log4Shell-level threat. Security researchers at several organizations ...