Search Results: Log4j

My TechDecisions Podcast Episode 184: Log4J’s Persistence

Bob Rudis, VP of data science for GreyNoise Intelligence, joins the podcast to talk about the persistence of the Log4J vulnerability.

January 26, 2023 Zachary Comeau Leave a Comment

On this episode of the My TechDecisions Podcast, we speak with Bob Rudis, vice president of data science for GreyNoise Intelligence, about why the Log4J vulnerability discovered in December 2021 will persist for many years to come. In a new report from GreyNoise Intelligence, the company says the full scope of attacks involving the vulnerability […]

Expect ‘Headline-grabbing’ Log4j Attacks in 2023

Log4j bug will continue to be a critical issue for IT professionals in 2023, according to GreyNoise.

January 4, 2023 Zachary Comeau Leave a Comment

Organizations should expect to see continued cyberattacks leveraging the Log4Shell vulnerability in 2023, cybersecurity company GreyNoise Intelligence says in a new report. The Washington, D.C.-based internet scanning traffic analysis firm’s recently released report, the 2022 Mass Exploitation Report, dives deep into the most significant threat detection events of the past year, including touching on CISA’s […]

30% Of Log4j Instances Remain Vulnerable To Exploitation

Qualys finds that nearly a third of Log4j instances remain vulnerable to attack more than three months after the flaw was discovered.

March 24, 2022 Zachary Comeau Leave a Comment

More than two months after the Log4j vulnerabilities known as Log4Shell were discovered, 30% of Log4j instances remain vulnerable for hackers to exploit and take control of affected systems, according to cybersecurity firm Qualys. The company indexed more than 10 trillion data points across its installed enterprise customer base and completed six billion IP scans […]

Google Reports 400,000 Daily Log4j scans

Google says it is continuing to see as many as 400,000 daily scans for Log4j vulnerabilities against Google Cloud.

February 22, 2022 Zachary Comeau Leave a Comment

Google says there are as many as 400,000 scans for Log4j vulnerabilities against Google Cloud each day, suggesting that IT professionals need to continue to be vigilant and ensure that they remediate vulnerable systems. The claim comes in Google’s Threat Horizons Executive Snapshot this month, a quarterly report from the company’s Cybersecurity Action Team. Google […]

A Chinese Ransomware Operator Is Leveraging Log4j Bugs, VMWare Horizon

Ransomware operation leveraging Log4j bugs began attacking internet-facing systems running VMWare Horizon earlier this month, Microsoft says.

January 11, 2022 Zachary Comeau Leave a Comment

The IT and cybersecurity community sounded the alarm last month when researchers discovered vulnerabilities in Log4j, the ubiquitous java logger used by a wide range of tech products. The tool has been patched and vendors are quickly deploying its own patches for products that use the tool, but the situation is not getting much better […]

Log4j Highlights the Need for a Software Bill of Materials; Here’s How to Create One

Amid the Log4j vulnerabilities, it’s more important than ever that companies prioritize dependency management by creating a SBOM.

January 11, 2022 Bren Briggs, VP of DevOps and Cybersecurity at Hypergiant. Leave a Comment

Just days into the new year and the cybersecurity community is already playing catch up thanks to the recent Log4j vulnerability which illuminated major setbacks in how organizations deal with its own software and open-source packages on which its relies on. In particular, organizations have been caught off guard in auditing its own systems, giving […]

Log4j Exploits Stretch Into Second Month

Microsoft is urging organizations to continue their vigilance against the Log4j bugs as known threat actors adopt the exploits.

January 4, 2022 Zachary Comeau Leave a Comment

IT and security professionals should continue to be vigilant and look for signs of vulnerable versions of Log4j as exploitation attempts stretch into a second month, Microsoft warns. According to an update to a running Microsoft security blog on the issue, sophisticated threat actors like nation-state groups and others are rolling Log4J exploitations into its […]

Use These Free, Publicly Available Log4j Scanning Tools

Microsoft, CrowdStrike, CISA and other organizations have released open-sourced Log4j scanning tools to help you find Log4Shell vulnerabilities.

December 29, 2021 Zachary Comeau Leave a Comment

Just in time for the holidays, the Log4j vulnerabilities sent IT and security teams into a panic earlier this month. The Apache Foundation has since fixed the bugs and issued patches, so the onus is now on software developers and administrators to patch software and apply the fixes. Since Log4j is a hugely popular Java […]

Shared Assessments Releases Free Standardized Tool for Assessing Log4j Risks

December 22, 2021 TechDecisions Staff Leave a Comment

SANTA FE, N.M.–(BUSINESS WIRE)–#Log4j—The Shared Assessments Program, the member-driven leader in third party risk assurance, has released a free Standardized Assessment Tool for the Log4j risk. The tool incorporates a questionnaire that enables organizations to conduct urgently needed assessments of their third parties. Shared Assessments also advises organizations to share the tool with their vendors, […]

Yes, There Is A Third Log4j Update Out

The Apache Foundation has released 2.17.0 to address a denial-of-service vulnerability in the popular Java logging tool.

December 20, 2021 Zachary Comeau Leave a Comment

System administrators, software providers and other IT professionals are now urged to patch another vulnerability in Log4j, this time a high-severity denial-of-service vulnerability. The Apache Foundation released Log4j 2.17.0  late Friday, about a week after a critical remote code execution vulnerability was found in the popular logging tool that has impacted every corner of the […]