Apache Log4j
Best of 2022: New Spring4Shell Zero-Day Vulnerability Confirmed: What it Is and How to Prepare
On March 29, 2022, a Chinese cybersecurity research firm leaked an attack that could impact most enterprise Java applications, globally. An investigation of the issue showed that the root cause was a ...
Log4j, ProxyLogon Top 2021 Exploitable Vulnerabilities List
The Log4Shell vulnerability affecting Apache’s Log4j library and the ProxyLogon and ProxyShell vulnerabilities affecting Microsoft Exchange email servers topped the list of the most routinely exploited vulnerabilities in 2021. These threats were ...
How Log4j Reshaped Cloud Security Thinking
IT leaders are changing the way they secure cloud workloads in the aftermath of the Log4j vulnerability, according to a report from Valtix ...
Security Teams Still Struggling to Patch Log4Shell
A survey of 200 cloud security leaders published today by Valtix, a provider of a network security-as-a-service platform, finds more than three-quarters of respondents (77%) said they are still working toward patching ...
Another Log4Shell? Not Quite-But Spring4Shell is Serious
As more details emerge on a Spring4Shell, a recently discovered remote code execution (RCE) flaw affecting Spring Framework, security researchers are urging affected users to immediately implement a patch issued by Spring ...
Barracuda Networks Tracks Volume of Log4Shell Attacks
Barracuda Networks published a report this week that showed that in the two months since Log4Shell’s disclosure, the volume of attacks that attempt to exploit the vulnerability are occurring at a relatively ...
Log4j Forced a Cybersecurity Wake-Up Call
It’s been nearly four months since Alibaba Cloud’s security team first reported a remote code execution (RCE) vulnerability within Apache Log4j (also known as Log4Shell). Due to the popularity and widespread use ...
Open Source a Persistent Risk, Log4j Vulnerabilities Will Linger
Free and open source software (FOSS) will continue to present a risk to organizations as hackers focus on exploiting security flaws in the code, a report from Moody’s Investors Service found. In the ...
SEC, FTC Issue Warning on Log4j Vulnerabilities
The U.S. Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC) are sending warnings to companies that don’t address the risk from the Log4j vulnerabilities. The FTC in particular has ...
Oxeye Tool Can Counter Log4j Obfuscation Attacks
Oxeye today announced an open source deobfuscation tool, dubbed Ox4Shell, that makes it simpler for cybersecurity teams to uncover hidden payloads that attempt to exploit Log4Shell vulnerabilities. Many enterprise IT organizations have ...
