ZDNet

Log4j flaw: Why it will still be causing problems a decade from now

Despite a well-coordinated effort to rally organizations to patch to the major open-source software flaw, cybersecurity officials don't see an end to the Log4Shell problems for at least a decade. That ...
VentureBeat

Many orgs are still failing to address Log4j — here’s why

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Out of all the vulnerabilities discovered ...
CSOonline

Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released the first report of the Cyber Safety Review Board (CSRB), formed in February as directed under President Biden’s May 2021 ...
CNET

Log4j Vulnerability Could Be Here For a Decade, Cyber Safety Review Board Says

Andrew Blok covered home energy, with a focus on solar, and navigated the changing energy landscape to help people make smart energy decisions. He's a graduate of the Knight Center for Environmental ...
Dark Reading

DHS Review Board Deems Log4j an 'Endemic' Cyber Threat

The US Department of Homeland Security's Cyber Safety Review Board (CSRB) has concluded that the Apache Log4j vulnerability disclosed in December 2021 will remain a significant risk to organizations ...
Bleeping Computer

Microsoft: Iranian hackers still exploiting Log4j bugs against Israel

Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian 'MuddyWater' threat actor who was found targeting Israeli organizations using the SysAid ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
ZDNet

Within hours of the Log4j flaw being revealed, these hackers were using it

A prolific and likely state-backed hacking group repeatedly targeted several US state governments by using software vulnerabilities in web applications and then later scanning for Log4j ...
Digital Journal

Security expert insights: Log4j endemic vulnerability

A data center: Network cables plugged into a server. — © Michael Bocchieri/AFP/Getty Images A data center: Network cables plugged into a server. — © Michael ...
Forbes

Four Ways To Prep For The Next Zero-Day Threat

For IT professionals of all stripes, the Grinch struck early last December with the revelation of a new zero-day vulnerability: Log4j. The ubiquity of the open-source service and the potential for ...
CSOonline

Five Blind Spots That Leave You Open to Supply Chain Vulnerabilities

Software supply chain attacks have received increased attention over the past year with high-profile examples such as the SolarWinds SUNBURST attack, the Kaseya VSA (REvil) attack, or the Log4j ...