News

AppleInsider3y
Critical 'Log4J' Java flaw being used to deliver malware, crypto-miners - AppleInsider
The flaw exists in the Log4j Java-based logging platform, which is used for web server access and application logs. Once exploited, the vulnerability could allow a remote attacker to perform code ...
GIGAZINE3y
Why does the vulnerability 'Log4Shell (CVE-2021-44228)' found in Java's Log4j library have a major impact on the world? - GIGAZINE(ギガジン)
A version of Apache Log4j, a Java log output library, that fixes the zero-day vulnerability 'CVE-2021-44228 ', commonly known as ' Log4Shell ', for remote code execution will be released on ...
ZDNet3y
Security warning: New zero-day in the Log4j Java library is already being exploited | ZDNET
A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. Tracked as CVE ...
CSOonline3y
Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps - CSO Online
Attackers are actively exploiting a critical vulnerability in Apache Log4j, a logging library that’s used in potentially millions of Java-based applications, including web-based ones.
Threat Post3y
Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look - Threatpost
There’s an enormous amount of software vulnerable to the Log4j bug through Java software supply chains — and administrators and security pros likely don’t even know where to look for it.
Bleeping Computer3y
New zero-day exploit for Log4j Java library is an enterprise nightmare - BleepingComputer
Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises ...
The Verge3y
Log4j is patched, but the exploits are just getting started
Peter Membrey, chief architect of ExpressVPN, remembers vividly seeing the news of the Log4j vulnerability break online. “As soon as I saw how you could exploit it, it was horrifying,” says ...
adtmag.com2y
Waratek Adds Log4J Scanner and API Security to its Java Security Platform
The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...
ZDNet3y
Log4j flaw hunt shows how complicated the software supply chain really is - ZDNET
Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The ...
Computing3y
Another Java Log4j vulnerability discovered
The Apache Foundation rushed out Log4j version 2.15.0 last week after the severe remote code execution flaw Log4jshell (CVE-2021-44228) was discovered in versions 2.00 to 2.14.x.
CNN3y
The Log4j security flaw could impact the entire internet. Here’s what you should know
The vulnerability, which was reported late last week, is in Java-based software known as “Log4j” that large organizations use to configure their applications – and it poses potential risks ...