TechCrunch

Study: 30% of Log4Shell instances remain unpatched

On December 9, 2021, a critical zero-day vulnerability affecting Apache’s Log4j2 library, a Java-based logging utility, was disclosed to the world and broke the internet. As the third most used ...
VentureBeat

CISA warns that Log4Shell remains a threat

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Last week, the Cybersecurity and Infrastructure Security Agency (CISA) ...
ZDNet

Log4Shell flaw: Still being used for crypto mining, botnet building... and Rickrolls

Log4Shell, the critical bug in Apache's widely used Log4j project, hasn't triggered the disaster that was feared, but it's still being exploited and predominantly from cloud computers in the US. The ...
Wired

A Year Later, That Brutal Log4J Vulnerability Is Still Lurking

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...
Computer Weekly

Log4Shell, ProxyShell still among most widely exploited flaws

The National Cyber Security Centre (NCSC), alongside its Five Eyes partner agencies in Australia, Canada, New Zealand and the US, have released details of the 12 most exploited vulnerabilities of 2022 ...
ZDNet

Log4j flaw: Why it will still be causing problems a decade from now

Despite a well-coordinated effort to rally organizations to patch to the major open-source software flaw, cybersecurity officials don't see an end to the Log4Shell problems for at least a decade. That ...
Computer Weekly

Log4Shell on its way to becoming ‘endemic’

The Log4Shell vulnerability in Apache Log4j, which caused consternation across the technology industry when it surfaced at the end of 2021, will be with us for a long time to come, perhaps as long as ...
TechRepublic

Log4Shell: Still out there, still dangerous, and how to protect your systems

Log4Shell: Still out there, still dangerous, and how to protect your systems Your email has been sent Barracuda researchers have noticed a steady stream of attacks attempting to exploit the Log4j ...
SDxCentral

Arctic Wolf: Log4Shell Has a Long Tail

The ongoing exploit activities of the Log4Shell vulnerability (CVE-2021-44228) in the popular Apache Log4j open source logging tool remain on a high level one year after it was first disclosed on ...
Forbes

Like Covid-19, Log4Shell Reveals Weaknesses In Our Defenses

Discovered in December 2021, the Log4Shell vulnerability has affected hundreds of millions of digital devices and will likely continue to command the attention of IT security forces for the ...
CSOonline

CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG

The investigation by the federal agency shows not only the indicators of compromise but also the reasons why the Log4j vulnerability will persist indefinitely. The US Cybersecurity and Infrastructure ...
CSOonline

Spring4Shell patching is going slow but risk not comparable to Log4Shell

Businesses have been at work since last week investigating whether their applications or third-party software products are vulnerable to Spring4Shell, a critical remote code execution (RCE) ...