Log4j flaw: This new threat is going to affect cybersecurity for a long time

If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described…

What the Log4Shell Bug Means for SMBs: Experts Weigh In

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what’s vulnerable, what an attack looks like and to how to remediate. News of…

Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild

On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability – assigned with a severity of 10 (the highest possible risk score). The source of the vulnerability is Log4j,…

CISA warns 'most serious' Log4j vulnerability likely to affect hundreds of millions of devices

Written by Tim Starks Dec 13, 2021 | CYBERSCOOP Cybersecurity and Infrastructure Security Agency Director Jen Easterly told industry leaders in a phone briefing Monday that a vulnerability in a…

Malicious PyPI Code Packages Rack Up Thousands of Downloads

The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more. Three malicious packages hosted in the Python Package Index (PyPI) code repository have…

All You Need to Know About the New Zero-Day Found in the Log4j Java Library

Log4j 2 is a Java logging library that is open source and extensively used in a variety of software applications and services throughout the world. The flaw gives threat actors…

Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability

Cyber attackers are making over a hundred attempts to exploit a critical security vulnerability in Java logging library Apache Log4j every minute, security researchers have warned. The Log4j flaw (also…

Log4j RCE activity began on December 1 as botnets start using vulnerability

Image: Kevin Beaumont The usage of the nasty vulnerability in the Java logging library Apache Log4j that allowed unauthenticated remote code execution could have kicked off as early as December…

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm)…

AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK

Researchers have found a number of high-security vulnerabilities in third-party driver software – bugs that originated in a library created by network virtualization firm Eltima – that leave about a…