Apache Log4j Vulnerability
Log4j: Three Flaws and Counting
“With the attention CVE-2021-44228 has received, I wouldn’t be surprised if we saw a third CVE related to #Log4j2,” Valtix Senior Security Analyst Davis McCarthy said last week. Those prophetic words turned ...
WhiteSource Open Source Tool Can Discover Log4j Vulnerabilities
WhiteSource has made available an open source tool to detect vulnerable instances of Log4j logging software. The recently disclosed flaw allows cybercriminals to launch a remote code execution (RCE) attack via Java ...
UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)
UPDATE 12/17/21: The Logout4Shell Vaccine has been updated to add a persistent option in addition to the existing one which reverted upon server restart. The previous version of the Vaccine used the ...
Here We Go Again: Second Log4j Flaw Surfaces
Maybe Log4j vulnerabilities are like rats—for every one that’s visible, multiple others scurry beneath the surface. It’s too early to tell if that’s what will happen with Log4j. But just a day ...
Cybereason Makes Log4Shell ‘Vaccine’ Available
Cybereason has created what it described as a “vaccine” for the Apache Log4Shell vulnerability (CVE-2021-44228) that is roiling organizations that rely on the open source Log4j logging framework to manage Java applications ...
Apache Log4j Threatens, Well, Everything
It doesn’t get much worse than this, at least according to cybersecurity experts. The RCE bug currently being actively exploited in the widely used Apache Log4j promises to leave a trail of ...
UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)
UPDATE 12/17/21: The Logout4Shell Vaccine has been updated to add a persistent option in addition to the existing one which reverted upon server restart. The previous version of the Vaccine used the ...