8 months on, US says Log4Shell will be around for “a decade or longer”
When it comes to cybersecurity, ask not what everyone else can do for you… Continue reading 8 months on, US says Log4Shell will be around for “a decade or longer”
The US Department of Homeland Security has issued a security… Continue reading DHS Review Board Warns Log4j Flaw to Affect Vulnerable Systems Until At Least 2032
“Vulnerable instances of Log4j will remain in systems for many years to come, perhaps a decade or longer,” the Cyber Safety Review Board (CSRB) has concluded. Log4j exploitation: Risk and effects of remediation efforts The report concentrat… Continue reading How to address the ongoing risk of Log4j exploitation and prepare for the future
The report suggests that even though risk still remains for unpatched organizations, a government-wide response helped drive mediation.
The post DHS Cyber Safety Review Board found no evidence China knew of Log4j before disclosure appeared first on CyberScoop.
If your organization is running VMware Horizon and Unified Access Gateway servers and you haven’t implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability (CVE-2021-44228) in December 2021, you should treat all those sy… Continue reading Attackers still exploit Log4Shell on VMware Horizon servers, CISA warns
It’s been over a year since the SolarWinds supply chain hack sent shockwaves through thousands of organizations worldwide, but this cybersecurity earthquake is by no means over. More recently we’ve seen aftershocks fueled by the Log4Shell and Spring4Sh… Continue reading Recovering from a cybersecurity earthquake: The lessons organizations must learn
In 2021, threat actors aggressively exploited newly disclosed critical software vulnerabilities to hit a broad set of targets worldwide, says the latest advisory published by the US Cybersecurity and Infrastructure Security Agency. Most exploited vulne… Continue reading The 15 most exploited vulnerabilities in 2021
The findings, first reported by CyberScoop, come in the first of three phases for the DHS bug bounty program.
The post Hackers find 122 vulnerabilities — 27 deemed critical — during first round of DHS bug bounty program appeared first on CyberScoop.
Back in December, Amazon released emergency fixes to address the… Continue reading AWS Confirms Log4j Hotpatch Fix Leads to Privilege Escalation
In this video for Help Net Security, Yotam Perkal, VP of Research at Rezilion, talks about the most critical vulnerabilities published during Q1 2022, and the relevant remediation and mitigation steps you need to take. The first quarter of 2022 was pac… Continue reading Vulnerabilities that kept security leaders busy in Q1 2022