Browsing Tag
Log4Shell
4 posts
Current Dependency Vulnerabilities Giving Us PTSD
Lately, it seems we’re all plagued by zero-day and dependency-related vulnerabilities. Log4Shell had everyone scrambling in 2021, and…
Weekly Top Ten Cybersecurity Stories – 9.2.2022
Lockbit DDoS Triple Extortion, LastPass source code breach, Log4Shell continues to be used as initial access vector, cookie stuffing.
Log4j New Year Wrap-Up
One month into the Log4j vulnerability, we take a look at the 3 CVEs and their fixes, known exploits being observed in the wild, and a way forward in dealing with the ubiquitous and targeted Java library.
Apache Releases Log4j 2.16.0 to Patch Lingering DoS Vulnerability
Amid the focus on Log4j while patching CVE-2021-44228, a JNDI injection RCE vulnerability, Apache has released 2.16.0 which disables JNDI by default and removes support for Message lookups in order to fix a newly discovered denial of service vulnerability.