PC Magazine

How a US Govt Board Helped the Open-Source Community Leap to Patch Log4j

'I think what surprised a lot of people was how deep the fact-finding could go,' Cyber Safety Review Board Chair Robert Silvers says at Black Hat about the response to the Log4j exploit. LAS VEGAS–Six ...
Wired

A Year Later, That Brutal Log4J Vulnerability Is Still Lurking

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...
Infosecurity-magazine.com

RSAC: Log4J Still Among Top Exploited Vulnerabilities, Cato Finds

Three years after its discovery, the Log4J vulnerability (CVE-2021-44228) exploit remains one of the most attempted exploits observed by cloud security provider Cato Networks. Cato Cyber Threat ...
ZDNet

Not patched Log4j yet? Assume attackers are in your network, say CISA and FBI

A joint security alert by CISA and the FBI has warned organizations that haven't applied much-needed Log4j security patches and mitigations to VMware Horizon server instances to assume their network ...
Times Union

What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad ...

Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. The software is used to record all manner of activities ...
Bleeping Computer

Microsoft: Iranian hackers still exploiting Log4j bugs against Israel

Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian 'MuddyWater' threat actor who was found targeting Israeli organizations using the SysAid ...
VentureBeat

How external attack surface management lets you see your org through an attacker’s eyes

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More >>Don’t miss our special issue: How ...
CSOonline

Detect Log4j Attacks Hiding in Encrypted Traffic

Log4Shell exploits are different in that they exploit a zero-day vulnerability that was not maliciously introduced by attackers. But Log4j is so ubiquitous that many vendors are susceptible to it, ...
SDxCentral

‘Very Few Will Escape’ Log4j, Threat Researchers Say

Cybersecurity professionals and IT vendors spent the weekend scrambling to shore up systems before hackers exploited a zero-day vulnerability in the popular Apache Log4j open source logging tool.
Bleeping Computer

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. The new ...
MSN による配信

Apache Log4j: The Exploit that Almost Killed the Internet

Unveiling the Dark Side of Cyberworld: The Apache Log4j Crisis. Discover the shocking Log4Shell exploit that shook the internet. Learn vital lessons about cybersecurity and safeguarding our digital ...
MSN による配信

Apache Log4j - The Exploit That Nearly Brought Down the Internet

A single flaw in Apache Log4j spiraled into one of the most dangerous exploits ever found. Experts warned it could have taken down the entire internet. White House responds to Trump-Putin documents ...