The Washington Post

The ‘most serious’ security breach ever is unfolding right now. Here’s what you need to know.

On Dec. 9, word of a newly discovered computer bug in a hugely popular piece of computer code started rippling around the cybersecurity community. By the next day, nearly every major software company ...
TechRepublic

Log4j: How to protect yourself from this security vulnerability

The Log4j security vulnerability known as Log4Shell is shaping up to be one of the worst security flaws of the year, potentially affecting millions of applications and painting a bullseye on unpatched ...
The Verge

Log4j is patched, but the exploits are just getting started

Peter Membrey, chief architect of ExpressVPN, remembers vividly seeing the news of the Log4j vulnerability break online. “As soon as I saw how you could exploit it, it was horrifying,” says Membrey.
CSOonline

Detect and Remediate the Exploitation of the Log4j Vulnerability

Most likely bad actors already knew about this prior to December 9 th as it’s been reported that the vulnerability was exposed much earlier in Minecraft chat forums. The vulnerability exposes how the ...
Redmond Magazine

Microsoft Sentinel Gets Log4j Exploit Detector Preview

Microsoft added a preview solution in Microsoft Sentinel that helps IT pros find signs of Log4j exploits, according to a Thursday announcement and Twitter post. The Log4j exploit detection preview ...
The Next Web

The Log4j bug exposes a bigger issue: Open-source funding (Updated)

Update (December 14 ,2021): We’ve updated this article with information about the new Log4j version release, along with new exploit vectors, and risks related to all Java versions. While you were ...
TechSpot

Microsoft Defender gets new functions to fight Log4j

In brief: Microsoft has announced updates for cloud-based versions of its security software to fight the Log4j vulnerability. Log4j has mostly been patched but can still affect some servers that could ...
ZDNet

Log4j flaw: Nearly half of corporate networks have been targeted by attackers trying to use this vulnerability

The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow. The vulnerability (CVE-2021-44228) was publicly disclosed ...
CRN

12 Cybersecurity Vendors Susceptible To The Log4j Vulnerability

Vulnerable Log4j code can be found in products from prominent identity vendors like CyberArk, ForgeRock, Okta and Ping Identity, as well as SMB-focused security companies like Fortinet, SonicWall, and ...
TechCrunch

FTC warns of legal action against organizations that fail to patch Log4j flaw

U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely used Log4j Java logging library, could face legal repercussions, the Federal Trade ...
ZDNet

Fortinet: Log4j had nearly 50x activity volume of ProxyLogon

Cybersecurity giant Fortinet found that Log4j had nearly 50 times the activity volume compared to ProxyLogon based on peak 10-day average volume in the second half of 2021. The finding was part of the ...
CRN

Conti Ransomware Hitting VMware vCenter With Log4j Exploit

‘[The] Log4j2 vulnerability appears … for Conti at the moment when the syndicate has both the strategic intention and the capability to weaponize it for its ransomware goals,’ says AdvIntel in a ...