Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...

Takeaway: Log4j, also known as the Log4Shell vulnerability, is a critical threat, and no organization should assume it is safe. Determining exposure to Log4j, and fixing vulnerabilities, should be a ...

If you haven’t taken a hard look at your servers and security systems recently, you’d be wise to do so ASAP. A member of Alibaba’s cloud security team discovered a dangerous vulnerability known as ...

As highlighted in our December 10, 2021, article, the Apache Log4j vulnerability is garnering significant attention throughout the public and private sectors. There are reportedly upwards of 100 ...

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours? Yesterday the Apache Foundation released an emergency ...

On December 9, when the Apache Software Foundation disclosed a massive vulnerability in Log4j, its Java logging library, it triggered a cat-and-mouse game as IT professionals raced to secure their ...

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...

A vulnerability called Log4Shell found in open-source logging library Log4j leaves millions of devices vulnerable to attacks. As The Verge notes, apps and services keep a record of all the events that ...

An Akamai researcher has discovered an attempt to use Log4j vulnerabilities in ZyXEL networking devices to "infect and assist in the proliferation of malware used by the Mirai botnet." Larry ...

The White House will meet with leaders of major tech companies including Apple, Google, Amazon, Meta, IBM, and Microsoft on Thursday to discuss the security of open-source software. The issue has ...