Apache Log4j

On March 29, 2022, a Chinese cybersecurity research firm leaked an attack that could impact most enterprise Java applications, globally. An investigation of the issue showed that the root cause was a ...

The Log4Shell vulnerability affecting Apache’s Log4j library and the ProxyLogon and ProxyShell vulnerabilities affecting Microsoft Exchange email servers topped the list of the most routinely exploited vulnerabilities in 2021. These threats were ...

IT leaders are changing the way they secure cloud workloads in the aftermath of the Log4j vulnerability, according to a report from Valtix ...

A survey of 200 cloud security leaders published today by Valtix, a provider of a network security-as-a-service platform, finds more than three-quarters of respondents (77%) said they are still working toward patching ...

As more details emerge on a Spring4Shell, a recently discovered remote code execution (RCE) flaw affecting Spring Framework, security researchers are urging affected users to immediately implement a patch issued by Spring ...

Barracuda Networks published a report this week that showed that in the two months since Log4Shell’s disclosure, the volume of attacks that attempt to exploit the vulnerability are occurring at a relatively ...

It’s been nearly four months since Alibaba Cloud’s security team first reported a remote code execution (RCE) vulnerability within Apache Log4j (also known as Log4Shell). Due to the popularity and widespread use ...

Free and open source software (FOSS) will continue to present a risk to organizations as hackers focus on exploiting security flaws in the code, a report from Moody’s Investors Service found. In the ...

The U.S. Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC) are sending warnings to companies that don’t address the risk from the Log4j vulnerabilities. The FTC in particular has ...

Oxeye today announced an open source deobfuscation tool, dubbed Ox4Shell, that makes it simpler for cybersecurity teams to uncover hidden payloads that attempt to exploit Log4Shell vulnerabilities. Many enterprise IT organizations have ...