Dark Reading

How to Prevent the Next Log4j-Style Zero-Day Vulnerability

Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you'll see thousands of entries. Humanity has put a man on the moon, but we still haven ...
Dark Reading

Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

The widespread vulnerability that first appeared in Apache Log4j in 2021 will continue to be exploited, potentially even in worse ways than we've seen to date. The more worrisome aspect of these ...
CNET

Log4j Vulnerability Could Be Here For a Decade, Cyber Safety Review Board Says

Andrew Blok covered home energy, with a focus on solar, and navigated the changing energy landscape to help people make smart energy decisions. He's a graduate of the Knight Center for Environmental ...
Forbes

Why Virtual Patching Is Key To Stopping Vulnerabilities Like Log4j

According to Verizon's 2024 Data Breach Investigations Report, cyberattacks and data breaches involving the exploitation of vulnerabilities have almost tripled compared to previous years. Our recent ...
VentureBeat

Many orgs are still failing to address Log4j — here’s why

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Out of all the vulnerabilities discovered ...
Infosecurity-magazine.com

Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel

Iran-based threat actor MuddyWater (tracked by Microsoft as MERCURY) has been leveraging the exploitation of Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel. The news ...
Yahoo

Log4j software flaw 'endemic,' new cyber safety panel says

FILE - The Department of Homeland Security logo is seen during a news conference in Washington, Feb. 25, 2015. A new cybersecurity panel created by President Joe Biden says a computer vulnerability ...
Wired

A Year Later, That Brutal Log4J Vulnerability Is Still Lurking

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...
ZDNet

Within hours of the Log4j flaw being revealed, these hackers were using it

A prolific and likely state-backed hacking group repeatedly targeted several US state governments by using software vulnerabilities in web applications and then later scanning for Log4j ...
ZDNet

Log4j flaw: Thousands of applications are still vulnerable, warn security researchers

Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers are still vulnerable to ...
CSOonline

Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released the first report of the Cyber Safety Review Board (CSRB), formed in February as directed under President Biden’s May 2021 ...