Written by Joe Warminsky Apr 1, 2022 | CYBERSCOOP Security researchers are urging users of Spring — a popular framework for creating web applications in the widely used Java…
Tag: remote code execution
The Fifth Log4j Vulnerability Has Been Fixed by Apache
Another Log4j version has been released by Apache dubbed 2.17.1, as prior to yesterday the most recent Log4j version was 2.17.0. This new variant addresses the RCE found in 2.17.0…
Irani and Chinese State Hackers Exploiting Log4j Vulnerability
According to John Hultquist, VP of Intelligence Analysis, Mandiant, Iranian state hackers are especially aggressive with this Log4j vulnerability. Cybersecurity firms Mandiant and CrowdStrike have confirmed that Iranian and Chinese…
A List of Vulnerable Products to the Log4j Vulnerability
Two days ago, we wrote a post about the Log4j vulnerability that is currently wreaking havoc on the cyberthreat landscape. The flaw is in an open-source Java logging library. By…
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily-exploited…
Web App Attacks Surge 251% in Two Years
Web application attacks on UK businesses have soared by over 250% since October 2019, driving a surge in data breaches, according to Imperva.…
Log4j Looms Large Over Patch Tuesday
IT teams knocked for six by a newly disclosed Log4j bug were forced to tackle a new patch load from Microsoft released yesterday, containing 67 new…
CISA orders federal civilian agencies to patch Log4j vulnerability and 12 others by December 24
The US Cybersecurity and Infrastructure Security Agency has ordered all civilian federal agencies to patch the Log4j vulnerability and three others by December 24, adding it to the organization’s Known…