Dark Reading

Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

The widespread vulnerability that first appeared in Apache Log4j in 2021 will continue to be exploited, potentially even in worse ways than we've seen to date. The more worrisome aspect of these ...
CNET

Log4j Vulnerability Could Be Here For a Decade, Cyber Safety Review Board Says

Andrew Blok covered home energy, with a focus on solar, and navigated the changing energy landscape to help people make smart energy decisions. He's a graduate of the Knight Center for Environmental ...
VentureBeat

Many orgs are still failing to address Log4j — here’s why

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Out of all the vulnerabilities discovered ...
Forbes

Why Virtual Patching Is Key To Stopping Vulnerabilities Like Log4j

According to Verizon's 2024 Data Breach Investigations Report, cyberattacks and data breaches involving the exploitation of vulnerabilities have almost tripled compared to previous years. Our recent ...
Wired

A Year Later, That Brutal Log4J Vulnerability Is Still Lurking

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...
Infosecurity-magazine.com

Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel

Iran-based threat actor MuddyWater (tracked by Microsoft as MERCURY) has been leveraging the exploitation of Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel. The news ...
ZDNet

Log4j flaw: Thousands of applications are still vulnerable, warn security researchers

Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers are still vulnerable to ...
Yahoo

Log4j software flaw 'endemic,' new cyber safety panel says

FILE - The Department of Homeland Security logo is seen during a news conference in Washington, Feb. 25, 2015. A new cybersecurity panel created by President Joe Biden says a computer vulnerability ...
CBS News

Panel finds notorious Log4j internet bug did not lead to any "significant" attacks on ...

A panel of U.S. government officials and private-sector experts tasked with investigating the nation's major cybersecurity failures has concluded that the notorious Log4j internet bug did not prompt ...
CSOonline

Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released the first report of the Cyber Safety Review Board (CSRB), formed in February as directed under President Biden’s May 2021 ...
Digital Journal

Security expert insights: Log4j endemic vulnerability

A data center: Network cables plugged into a server. — © Michael Bocchieri/AFP/Getty Images A data center: Network cables plugged into a server. — © Michael ...
Homeland Security Today

PERSPECTIVE: Why the December 2021 Log4j Event Remains Top of Mind for Cyber Professionals

The Cyber Safety Review Board (CSRB), created in 2021 to review major cyber events, released a report last summer recapping the 2021 discovery of the Log4j vulnerability. Its disclosure triggered a ...