Browsing Tag
Log4j
7 posts
Current Dependency Vulnerabilities Giving Us PTSD
Lately, it seems we’re all plagued by zero-day and dependency-related vulnerabilities. Log4Shell had everyone scrambling in 2021, and…
Open Source Developers Sabotage Projects Downloaded By Millions
What can devOps and cybersecurity professionals learn from the latest software supply chain disaster?
Log4j New Year Wrap-Up
One month into the Log4j vulnerability, we take a look at the 3 CVEs and their fixes, known exploits being observed in the wild, and a way forward in dealing with the ubiquitous and targeted Java library.
The Five Biggest Cybersecurity Challenges in 2022
At the outset of the new year we take a look at the biggest challenges ahead.
Apache Releases Log4j 2.16.0 to Patch Lingering DoS Vulnerability
Amid the focus on Log4j while patching CVE-2021-44228, a JNDI injection RCE vulnerability, Apache has released 2.16.0 which disables JNDI by default and removes support for Message lookups in order to fix a newly discovered denial of service vulnerability.
Log4j/Log4Shell Updates and Recommended Guidance
Updates and recommended guidance for identifying vulnerable servers and mitigating exploit attempts.
Apache Log4j Zero-Day Exposes Java Applications to RCE
A high-severity zero-day has been uncovered in Apache Log4j which could allow a log injection RCE exploit.