A prolific and likely state-backed hacking group repeatedly targeted several US state governments by using software vulnerabilities in web applications and then later scanning for Log4j ...

The Log4j security vulnerability known as Log4Shell is shaping up to be one of the worst security flaws of the year, potentially affecting millions of applications and painting a bullseye on unpatched ...

Vulnerable Log4j code can be found in products from prominent identity vendors like CyberArk, ForgeRock, Okta and Ping Identity, as well as SMB-focused security companies like Fortinet, SonicWall, and ...

Most likely bad actors already knew about this prior to December 9 th as it’s been reported that the vulnerability was exposed much earlier in Minecraft chat forums. The vulnerability exposes how the ...

In brief: Microsoft has announced updates for cloud-based versions of its security software to fight the Log4j vulnerability. Log4j has mostly been patched but can still affect some servers that could ...

Many security teams have been running hard for past few days looking to assess and address their organizations' exposure to CVE-2021-44228, aka "Log4Shell," a flaw disclosed within the popular Log4j ...

The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities. Last week, the U.S. Federal Trade Commission (FTC) ...

Microsoft added a preview solution in Microsoft Sentinel that helps IT pros find signs of Log4j exploits, according to a Thursday announcement and Twitter post. The Log4j exploit detection preview ...

‘[The] Log4j2 vulnerability appears … for Conti at the moment when the syndicate has both the strategic intention and the capability to weaponize it for its ransomware goals,’ says AdvIntel in a ...

The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow. The vulnerability (CVE-2021-44228) was publicly disclosed ...