Log4Shell

New research revealed an all-too-familiar theme: Known vulnerabilities for which patches have been issued were the main way threat actors executed cyberattacks in 2022. “The data highlights that long-known vulnerabilities frequently cause ...

Many organizations still need to find the Log4j vulnerability in their environment and address the risk. The news about Log4Shell, the vulnerability impacting the Apache Log4j software library, first burst onto the ...

The first post of this series on the software-related risks organizations are facing looked at vulnerabilities introduced in development. In this post we look at the risks of open source vulnerabilities. Organizations ...

In the history of IT security, the sector’s traditional tools and solutions have rarely appeared as inadequate as they do now. Over the past four years, the multitude of ransomware attacks resulted ...

2022 was the year of the rise of the SBOM. This time of year, we take a look back at the havoc wreaked by breaches–that occurred in 2021 and earlier. The fallout ...

  ...

Almost exactly one year after Log4Shell sent security teams scrambling to patch, more than seven in 10 (72%) of organizations are still vulnerable to the flaw.  These were among the results of ...

The Log4Shell anniversary is here. It has been a year since the initial discovery and publication of Log4Shell (CVE-2021-44228), which was without a doubt one of the most meaningful vulnerabilities in recent ...

Long after the press news and panic surrounding the discovery of Log4j, the Log4 Shell exploit and the supply-chain variant dubbed LoNg4j, IT and security teams are still struggling to adopt Log4j ...

The CVE-2022-42889 that was dubbed as Text4Shell or ACT4Shell created a lot of noise on social media when it was published (on October 13th), mainly because of the comparison to Log4Shell. For ...