Log4j – Page 2 – WindowsTechs.com

Log4j Forever Changed What (Some) Cyber Pros Think About OSS

Posted on January 23, 2023 by Jonathan Reed

In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath of applications and services. Nearly anything from popular consumer and enterprise platforms to critical infrastructure […]

The post Log4j Forever Changed What (Some) Cyber Pros Think About OSS appeared first on Security Intelligence.

Continue reading Log4j Forever Changed What (Some) Cyber Pros Think About OSS→

Open source code for commercial software applications is ubiquitous, but so is the risk

Posted on December 14, 2022 by Karl Greenberg

As the SolarWinds and Log4j hacks show, vulnerabilities in open source software used in application development can open doors for attackers with vast consequences. A new study looks at the open source community’s efforts to “credit-rate” the risk.
The… Continue reading Open source code for commercial software applications is ubiquitous, but so is the risk→

DHS Cyber Safety Review Board to focus on Lapsus$ hackers

Posted on December 2, 2022 by Suzanne Smalley

DHS officials said Lapsus$ is the perfect target for the next CSRB report and described the hacking group’s hacks as “ongoing.”

The post DHS Cyber Safety Review Board to focus on Lapsus$ hackers appeared first on CyberScoop.

Continue reading DHS Cyber Safety Review Board to focus on Lapsus$ hackers→

A year later, Log4Shell still lingers

Posted on December 1, 2022 by Help Net Security

72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from over 500 million tests. A vulnerability that’s difficult to eradicate W… Continue reading A year later, Log4Shell still lingers→

Following Log4j: Supporting the developer community to secure IT

Posted on November 1, 2022 by Help Net Security

How bad was the Log4j vulnerability for open source’s reputation? One of the most high-profile exploits in recent years, it even led to a government advisory from the UK’s National Cyber Security Center being issued after Iranian state hackers took adv… Continue reading Following Log4j: Supporting the developer community to secure IT→

Dangerous hole in Apache Commons Text – like Log4Shell all over again

Posted on October 18, 2022 by Paul Ducklin

Third time unlucky. Time to put your patching boots on again… Continue reading Dangerous hole in Apache Commons Text – like Log4Shell all over again→

Chinese state-sponsored hackers have become more brazen, prompting an NSA advisory

Posted on October 6, 2022 by Suzanne Smalley

Chinese hackers have become increasingly brazen and are investing more time to stealing intellectual property and breaking into sensitive networks, according to National Security Agency cyber chief Rob Joyce.

The post Chinese state-sponsored hackers have become more brazen, prompting an NSA advisory appeared first on CyberScoop.

Continue reading Chinese state-sponsored hackers have become more brazen, prompting an NSA advisory→