What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what’s at stake

Padlokr –  Padlokr –  A vulnerability in Log4j, a humble but widespread piece of software, has put millions of computers at risk. SOPA Images/LightRocket via Getty Images Santiago Torres-Arias, Purdue…

White House hosts open-source software security summit in light of expansive Log4j flaw

Written by Tim Starks Jan 13, 2022 | CYBERSCOOP Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to…

If hackers are exploiting the Log4j flaw, CISA says we might not know yet

Written by Tim Starks Jan 10, 2022 | CYBERSCOOP Federal officials cautioned Monday that, while the widespread Log4j vulnerability hasn’t led to any major known intrusions in the U.S., there…

The Fifth Log4j Vulnerability Has Been Fixed by Apache

Another Log4j version has been released by Apache dubbed 2.17.1, as prior to yesterday the most recent Log4j version was 2.17.0. This new variant addresses the RCE found in 2.17.0…

The Log4j flaw is the latest reminder that quick security fixes are easier said than done

Written by AJ Vicens Dec 21, 2021 | CYBERSCOOP Cybersecurity professionals have spent weeks scrambling to address a bug in a widely used software library that could enable hackers to…

CISA, White House urge organizations to get ready for holiday cyberattacks

The Cybersecurity and Infrastructure Security Agency and the White House have released warnings to companies and organizations across the country, urging them to be on alert for cyberattacks ahead of…

The Log4j Vulnerability Is Now Used by State-Backed Hackers

The vulnerability, officially tagged as CVE-2021-44228 and called Log4Shell or LogJam, is an unauthenticated RCE vulnerability that allows total system takeover on systems running Log4j 2.0-beta9 through 2.14.1. What Happened? Nation-state hackers…

Log4j flaw: This new threat is going to affect cybersecurity for a long time

If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described…

Cybersecurity experts debate concern over potential Log4j worm

As the fallout from the Log4j vulnerability continues, cybersecurity experts are debating what the future might hold.  Tom Kellermann, VMware’s head of cybersecurity strategy, said the Log4j vulnerability is one…

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality. SAP has…