My TechDecisions

Search Results: log4j

Log4j, Most Exploited Vulnerabilities

30% Of Log4j Instances Remain Vulnerable To Exploitation

Qualys finds that nearly a third of Log4j instances remain vulnerable to attack more than three months after the flaw was discovered.

March 24, 2022 Zachary Comeau Leave a Comment

More than two months after the Log4j vulnerabilities known as Log4Shell were discovered, 30% of Log4j instances remain vulnerable for hackers to exploit and take control of affected systems, according to cybersecurity firm Qualys. The company indexed more than 10 trillion data points across its installed enterprise customer base and completed six billion IP scans […]

Read More

Google Reports 400,000 Daily Log4j scans

Google says it is continuing to see as many as 400,000 daily scans for Log4j vulnerabilities against Google Cloud.

February 22, 2022 Zachary Comeau Leave a Comment

Google says there are as many as 400,000 scans for Log4j vulnerabilities against Google Cloud each day, suggesting that IT professionals need to continue to be vigilant and ensure that they remediate vulnerable systems. The claim comes in Google’s Threat Horizons Executive Snapshot this month, a quarterly report from the company’s Cybersecurity Action Team. Google […]

Read More
Log4j, Most Exploited Vulnerabilities

A Chinese Ransomware Operator Is Leveraging Log4j Bugs, VMWare Horizon

Ransomware operation leveraging Log4j bugs began attacking internet-facing systems running VMWare Horizon earlier this month, Microsoft says.

January 11, 2022 Zachary Comeau Leave a Comment

The IT and cybersecurity community sounded the alarm last month when researchers discovered vulnerabilities in Log4j, the ubiquitous java logger used by a wide range of tech products. The tool has been patched and vendors are quickly deploying its own patches for products that use the tool, but the situation is not getting much better […]

Read More
Log4J SBOM

Log4j Highlights the Need for a Software Bill of Materials; Here’s How to Create One

Amid the Log4j vulnerabilities, it’s more important than ever that companies prioritize dependency management by creating a SBOM.

January 11, 2022 Bren Briggs, VP of DevOps and Cybersecurity at Hypergiant. Leave a Comment

Just days into the new year and the cybersecurity community is already playing catch up thanks to the recent Log4j vulnerability which illuminated major setbacks in how organizations deal with its own software and open-source packages on which its relies on. In particular, organizations have been caught off guard in auditing its own systems, giving […]

Read More
Microsoft January Patch Tuesday

Log4j Exploits Stretch Into Second Month

Microsoft is urging organizations to continue their vigilance against the Log4j bugs as known threat actors adopt the exploits.

January 4, 2022 Zachary Comeau Leave a Comment

IT and security professionals should continue to be vigilant and look for signs of vulnerable versions of Log4j as exploitation attempts stretch into a second month, Microsoft warns. According to an update to a running Microsoft security blog on the issue, sophisticated threat actors like nation-state groups and others are rolling Log4J exploitations into its […]

Read More
Log4Shell, CVE-2021-44228

Use These Free, Publicly Available Log4j Scanning Tools

Microsoft, CrowdStrike, CISA and other organizations have released open-sourced Log4j scanning tools to help you find Log4Shell vulnerabilities.

December 29, 2021 Zachary Comeau Leave a Comment

Just in time for the holidays, the Log4j vulnerabilities sent IT and security teams into a panic earlier this month. The Apache Foundation has since fixed the bugs and issued patches, so the onus is now on software developers and administrators to patch software and apply the fixes. Since Log4j is a hugely popular Java […]

Read More

Shared Assessments Releases Free Standardized Tool for Assessing Log4j Risks

December 22, 2021 TechDecisions Staff Leave a Comment

SANTA FE, N.M.–(BUSINESS WIRE)–#Log4j—The Shared Assessments Program, the member-driven leader in third party risk assurance, has released a free Standardized Assessment Tool for the Log4j risk. The tool incorporates a questionnaire that enables organizations to conduct urgently needed assessments of their third parties. Shared Assessments also advises organizations to share the tool with their vendors, […]

Read More
Log4Shell, CVE-2021-44228

Yes, There Is A Third Log4j Update Out

The Apache Foundation has released 2.17.0 to address a denial-of-service vulnerability in the popular Java logging tool.

December 20, 2021 Zachary Comeau Leave a Comment

System administrators, software providers and other IT professionals are now urged to patch another vulnerability in Log4j, this time a high-severity denial-of-service vulnerability. The Apache Foundation released Log4j 2.17.0  late Friday, about a week after a critical remote code execution vulnerability was found in the popular logging tool that has impacted every corner of the […]

Read More
Log4j, Most Exploited Vulnerabilities

Which Products Are Impacted By the Log4j Vulnerability?

CISA and other governments' agencies are maintaining updated lists of vendors with software impacted by the Log4j vulnerability.

December 15, 2021 Zachary Comeau Leave a Comment

Multiple governments have released a long list of IT vendors and their products that are impacted by the Log4j vulnerability, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Dutch National Cyber Security Centrum (NCSC) The two agencies are maintaining running lists of vendors impacted by the vulnerability on their respective GitHub repositories, […]

Read More