'Spring4Shell' bug in framework for Java programming draws widespread warnings

Written by Joe Warminsky Apr 1, 2022 | CYBERSCOOP Security researchers are urging users of Spring — a popular framework for creating web applications in the widely used Java…

In studying tech supply chain, feds cite open source products, device firmware

Written by Joe Warminsky Feb 25, 2022 | CYBERSCOOP Open-source software and device firmware are two of the biggest areas of vulnerability in the supply chains for information and communications…

Google Cloud offers good news and bad news on Log4Shell, other issues

Written by AJ Vicens Feb 15, 2022 | CYBERSCOOP Google Cloud is seeing 400,000 scans per day for systems vulnerable to the Log4Shell bug, the company said Tuesday. The findings…

CISA's new JCDC worked as intended, witnesses say at Senate hearing on Log4Shell bug

Written by Tonya Riley Feb 8, 2022 | CYBERSCOOP Changes in federal cybersecurity leadership over the past year allowed the private and public sectors to quickly work together in responding…

JNDI Vulnerability in H2 Database Similar to Log4Shell

JFrog security researchers published a report on Thursday revealing a JNDI vulnerability located in the H2 database console, indicating the same root cause as the well-known Log4Shell bug. They also…

The US Federal Trade Commission (FTC) Urges Companies to Secure Consumer Data

The Federal Trade Commission is an independent agency of the United States government whose primary objective is to enforce civil antitrust law in the United States and to promote consumer…

Chinese hackers use Log4j exploit to go after academic institution

Written by Tonya Riley Dec 29, 2021 | CYBERSCOOP A Chinese hacking group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large…

The Fifth Log4j Vulnerability Has Been Fixed by Apache

Apache has released another Log4j version, 2.17.1; until yesterday the most recent Log4j version was 2.17.0. This new version addresses the RCE found in 2.17.0…

The TellYouThePass Ransomware Reappeared After the Windows Log4j Attacks

TellYouThePass ransomware, commonly known as the .locked Files Virus, encrypts data and demands payment as a ransom to restore it. The .locked Files Virus will encrypt a text file with ransomware instructions…

MobileIron customers urged to patch systems due to potential Log4j exploitation

Cybersecurity company NCC Group is warning users of MobileIron products to patch their systems since finding exploitations through the Log4j vulnerability. NCC Group researchers have so far seen…