'Spring4Shell' bug in framework for Java programming draws widespread warnings

Written by Joe Warminsky Apr 1, 2022 | CYBERSCOOP Security researchers are urging users of Spring — a popular framework for creating create web applications in the widely used Java…

White House hosts open-source software security summit in light of expansive Log4j flaw

Written by Tim Starks Jan 13, 2022 | CYBERSCOOP Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to…

CISA, White House urge organizations to get ready for holiday cyberattacks

The Cybersecurity and Infrastructure Security Agency and the White House have released warnings to companies and organizations across the country, urging them to be on alert for cyberattacks ahead of…

Cybersecurity experts debate concern over potential Log4j worm

As the fallout from the Log4j vulnerability continues, cybersecurity experts are debating what the future might hold.  Tom Kellermann, VMware’s head of cybersecurity strategy, said the Log4j vulnerability is one…

A List of Vulnerable Products to the Log4j Vulnerability

Two days ago, we wrote a post about the Log4j vulnerability that is currently wreaking havoc on the cyberthreat landscape. The flaw stands for an open-source Java logging library. By…

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily-exploited…

Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft

State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft.    As predicted by…

Log4j flaw puts hundreds of millions of devices at risk, says US cybersecurity agency

Top US government cybersecurity officials fear advanced hackers will have a field day with the Log4j vulnerability that’s likely present in hundreds of millions of devices.  Security experts are already seeing…

Log4j zero-day flaw: What you need to know and how to protect yourself

A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score…

Log4j RCE activity began on December 1 as botnets start using vulnerability

Image: Kevin Beaumont The usage of the nasty vulnerability in the Java logging library Apache Log4j that allowed unauthenticated remote code execution could have kicked off as early as December…