Computer Weekly

US cyber agency in fresh warning over Log4Shell risk to VMware

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a new warning over continuing exploitation of the dangerous CVE-2021-44228 Apache Log4j vulnerability – ...
TechCrunch

Study: 30% of Log4Shell instances remain unpatched

On December 9, 2021, a critical zero-day vulnerability affecting Apache’s Log4j2 library, a Java-based logging utility, was disclosed to the world and broke the internet. As the third most used ...
ZDNet

CISA: Hackers are still using Log4Shell to breach networks, so patch your systems

The flaw in the application-logging component Log4j known as "Log4Shell" should have been patched by organisations months ago, but some systems that haven't been patched with available updates are ...
Computer Weekly

Log4Shell: How friendly hackers rose to the challenge

Imagine the scene: a severe vulnerability emerges that affects organisations worldwide, allowing unauthorised access to highly sensitive data. This scenario happened in late 2021 when a popular open ...
ZDNet

Log4j flaw: Why it will still be causing problems a decade from now

Despite a well-coordinated effort to rally organizations to patch to the major open-source software flaw, cybersecurity officials don't see an end to the Log4Shell problems for at least a decade. That ...
Threat Post

What the Log4Shell Bug Means for SMBs: Experts Weigh In

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what’s vulnerable, what an attack looks like and to how to ...
TechCrunch

The race is on to patch Log4Shell, the bug that’s breaking the internet

Security teams around the globe are scrambling to fix Log4Shell, a critical security flaw in Log4j, an open source logging software that’s found practically everywhere from online games to enterprise ...
Ars Technica

The Log4Shell 0-day, four days on: What is it, and how bad is it really?

Log4Shell is the name given to a critical zero-day vulnerability that surfaced on Thursday when it was exploited in the wild in remote-code compromises against Minecraft servers. The source of the ...
Wired

The Log4J Vulnerability Will Haunt the Internet for Years

All products featured on WIRED are independently selected by our editors. However, we may receive compensation from retailers and/or from purchases of products through these links. Learn more. A ...
VentureBeat

Spring Core vulnerability doesn’t seem to be Log4Shell all over again

A newly disclosed remote code execution vulnerability in Spring Core, a widely used Java framework, does not appear to represent a Log4Shell-level threat. Security researchers at several organizations ...
JD Supra

Bad Actors Continue to Exploit Log4Shell Vulnerabilities

Takeaway: CISA and CGYBER recommend all organizations who did not immediately apply available patches to assume Log4Shell compromise and initiate threat hunting activities. In December 2021, the world ...