The Conversation

What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what’s at stake

Santiago Torres-Arias does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations ...
Bleeping Computer

Log4j 2.17.1 out now, fixes new remote code execution bug

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent ...
CBS News

Nightmare before Christmas: What to know about the Log4j vulnerability

A vulnerability living inside a Java-based software known as "Log4j" shook the internet this week. The list of potential victims encompasses nearly a third of all web servers in the world, according ...
Wired

The Next Wave of Log4J Attacks Will Be Brutal

A week ago, the internet experienced a seismic event. Thanks to a vulnerability in Log4j, a popular open source library, multitudes of servers around the world were suddenly exposed to relatively ...
Bleeping Computer

All Log4j, logback bugs we know so far and why you MUST ditch 2.15

Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell,' the vulnerability has already set the internet on fire. Log4j usage is rampant among many software products and multiple ...
Wired

A Year Later, That Brutal Log4J Vulnerability Is Still Lurking

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...
PC Magazine

What Is the Log4j Exploit, and What Can You Do to Stay Safe?

Hackers could take control of millions of servers, shutting them down or forcing them to spew malware due to widely-used faulty code. Here's how it happened, and what can you do to protect yourself.
ZDNet

Log4j flaw hunt shows how complicated the software supply chain really is

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...
Dark Reading

New Log4j Attack Vector Discovered

Organizations working to reduce exposure to attacks targeting the Log4j remote code execution (RCE) vulnerability disclosed Dec. 9 have a couple of new considerations to keep in mind. Security ...
TechRepublic

How to test if your Linux server is vulnerable to Log4j

How to test if your Linux server is vulnerable to Log4j Your email has been sent Log4j is a serious vulnerability that has swept across the IT landscape quickly. Here ...
ZDNet

Log4j flaw: Nearly half of corporate networks have been targeted by attackers trying to use this vulnerability

The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow. The vulnerability (CVE-2021-44228) was publicly disclosed ...