Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
Dark Reading

How to Prevent the Next Log4j-Style Zero-Day Vulnerability

Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you'll see thousands of entries. Humanity has put a man on the moon, but we still haven ...
Dark Reading

DHS Review Board Deems Log4j an 'Endemic' Cyber Threat

The US Department of Homeland Security's Cyber Safety Review Board (CSRB) has concluded that the Apache Log4j vulnerability disclosed in December 2021 will remain a significant risk to organizations ...
Computer Weekly

Apache vulnerability a risk, but not as widespread as Log4Shell

Security teams should be alert to the possibility of compromise arising from a vulnerability in Apache Commons Text that may put many organisations at risk, but is unlikely to be as impactful as ...
ZDNet

Remote execution holes in Log4j, Exchange and Confluence lead Five Eyes 2021 exploited CVE list

During 2021, the top 15 vulnerabilities that were exploited -- as observed by the US Cybersecurity and Infrastructure Security Agency, US NSA, US FBI, the Australian Cyber Security Centre, the ...