From Log4j to Long4j
Veracode reports that more than a third of Java application still use vulnerable versions of Log4j despite efforts to eradicate it. The post From Log4j to Long4j appeared first on Azul | ...
Above 30% Apps at Risk with Vulnerable Log4j Versions
An alarming 38% of applications that use the Apache Log4j library use the versions susceptible to security vulnerabilities. One of them is a critical vulnerability, Log4Shell (CVE-2021-44228), for which patches have been ...
Lazarus Group Exploits Log4j Flaw in New Malware Campaign
The notorious North Korea-backed Lazarus Group continues to change up its tactics to evade detection, with a new campaign featuring the exploitation of the Log4j critical vulnerability and three new malware families ...
Log4j, GitHub Repositories, and Attack Surfaces
Numerous security practitioners and software development teams often utilize public repositories in their daily roles. The goal of these public repositories is to help teams collaborate on improving coding, fixing vulnerabilities, and ...
Sysdig Details Proxyjacking Attack Leveraging Log4j Vulnerability
Sysdig today published a report that described how cybercriminals are exploiting the Log4j vulnerability to gain access to IP addresses that are then sold to entities that resell them. Dubbed proxyjacking, the ...
Fast Facts: How to Find and Fix the Log4j Vulnerability in Under 2 Minutes
Many organizations still need to find the Log4j vulnerability in their environment and address the risk. The news about Log4Shell, the vulnerability impacting the Apache Log4j software library, first burst onto the ...
Hardening Log4j defenses with new Contrast Protect JNDI Injection rule | Contrast Security
It’s been a year since many Application Security (AppSec), IT and development teams around the globe were sent scrambling to shore up defenses against the infamous Log4j zero-day attack (CVE-2021-44228). ...
Log4j: One Year Later
One year ago, the Log4j remote code execution vulnerability known as Log4Shell (CVE-2021-44228) was announced. The critical severity level vulnerability in a logging framework used across virtually all Java environments quickly set ...
Log4j Vulnerability Detection: One year after Log4Shell, firms still struggle to hunt down Log4j | Contrast Security
It’s been one year since a CVE identifier was made available for the infamous Log4j flaw — CVE-2021-44228, commonly referred to as Log4Shell — on Dec. 10, 2021. ...
Best Practices for Addressing Log4j and LoNg4j Patching Gaps
Long after the press news and panic surrounding the discovery of Log4j, the Log4 Shell exploit and the supply-chain variant dubbed LoNg4j, IT and security teams are still struggling to adopt Log4j ...