Infosecurity-magazine.com

Two-Fifths of Log4j Apps Use Vulnerable Versions

Organizations are still exposed to critical vulnerabilities in Log4j, two years after a maximum severity bug was found in the popular utility, according to Veracode. The application security vendor ...
Infosecurity-magazine.com

Lessons Learned: The Log4J Vulnerability 12 Months On

It was a shock to all in cybersecurity as Java and the Log4j open-source logging library are prevalent, commonly used across software applications and online services. The issue quickly came to the ...
Ars Technica

VMware Horizon servers are under active exploit by Iranian state hackers

Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday. Security firm SentinelOne ...
Threat Post

‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet

The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Jen Easterly, the director of the Cybersecurity and Infrastructure ...
Virtualization Review

VMware Advises Horizon Users to Patch for Log4j Vulnerabilities

VMware issued an "IMPORTANT" message to users of its Horizon virtual desktop offering, warning them to patch for critical Log4j vulnerabilities. Log4j is an open source Java logging library widely ...
CSOonline

Prioritizing and remediating vulnerabilities in the wake of Log4J and Microsoft’s Patch Tuesday blunder

Vulnerability disclosures often come in bunches, and unvetted patch updates can create their own problems. Here's how to assess and prioritize both. The past few weeks left IT professionals ...
Computer Weekly

Top three questions about the Log4j vulnerability

In December 2021, a vulnerability in the open source Log4J logging service used by developers to monitor their Java applications first came to light, leaving enterprises scrambling to patch affected ...
Security

Log4j: Five guidelines for detection and prevention

On Dec. 9, the Apache Software Foundation issued a Log4j security alert that a vulnerability (CVE-2021-44228), aka Log4Shell, allows unauthenticated users to remotely execute or update software code ...
Ars Technica

Patch systems vulnerable to critical Log4j flaws, UK and US officials warn

Criminals are actively exploiting the high-severity Log4Shell vulnerability on servers running VMware Horizon in an attempt to install malware that allows them to gain full control of affected systems ...
VentureBeat

Microsoft launches new Defender capabilities for fixing Log4j

Microsoft announced it has rolled out new capabilities in its Defender for Containers and Microsoft 365 Defender offerings for identifying and remediating the widespread vulnerabilities in Apache ...
SiliconANGLE

Apache releases Log4j patch to address new RCE vulnerability

The Apache Software Foundation has released a new patch for Log4j, the Java-based logging utility that has seen vulnerabilities targeted en masse by hackers since Dec. 13. Log4j 2.17.1, the fifth ...
Digital Journal

Log4Shell identification and remediation checklist

Log4Shell is one of the most critical and widespread vulnerabilities found in the past decade (CVE-2021-44228) impacting Log4J, a highly popular Java library used in millions of applications as part ...