Log4j flaw: Thousands of applications are still vulnerable, warn security researchers
Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number …
Log4j
Remote execution holes in Log4j, Exchange and Confluence lead Five Eyes 2021 exploited CVE list
During 2021, the top 15 vulnerabilities that were exploited — as observed by the US Cybersecurity and Infrastructure Security Agency, US …
Log4j Attack Surface Remains Massive
Four months after the Log4Shell vulnerability was disclosed, most affected open source components remain unpatched, and companies continue …
Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
The “hotpatch” released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape …
Vulnerabilities that kept security leaders busy in Q1 2022
In this video for Help Net Security, Yotam Perkal, VP of Research at Rezilion, talks about the most critical vulnerabilities published …
Just Because You Don’t Use Log4j or Spring Beans Doesn’t Mean Your Application is Unaffected
The Spring Framework vulnerability – made public on March 29, 2021 – was caused by unforeseen access to Tomcat’s ClassLoader as a …
AWS’s Log4j patches blew holes in its own security
Amazon Web Services has updated its Log4j security patches after it was discovered the original fixes made customer deployments vulnerable …
The Log4j Issue: Do You Know What is in Your Software?
This article explores the importance of knowing and documenting the usage of different components in your software. log4j is an open source …
Log4Shell exploitation: Which applications may be targeted next?
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to …
Log4j Attacks Continue Unabated Against VMware Horizon Servers
VMware Horizon servers — which many organizations are using to enable secure anywhere, anytime access to enterprise apps for remote …
30% of Apache Log4j Security Holes Remain Unpatched
According to cloud security company Qualys, only 70% has been patched. “30% of Log4j instances remain vulnerable to exploitation.” This …
Darktrace AI Stops Cyberattack Exploiting Log4j Vulnerability at Global Financial Services Provider
CAMBRIDGE, UK, March 23, 2022 /PRNewswire/ — Darktrace, a global leader in cyber security AI, today announced that a global provider of …
Shifting Log4j Discovery Right
You hear a lot about shifting your application security (AppSec) left – in other words, shifting AppSec to the beginning of the software …
Well done patching Log4j. Now, are you ready for the next zero day disaster?
If you breathed a sigh of relief after dealing with the Log4j vulnerability last year, here’s some bad news. There are further equally …