My TechDecisions

Search Results: log4shell

Microsoft January Patch Tuesday

Log4j Exploits Stretch Into Second Month

Microsoft is urging organizations to continue their vigilance against the Log4j bugs as known threat actors adopt the exploits.

January 4, 2022 Zachary Comeau Leave a Comment

IT and security professionals should continue to be vigilant and look for signs of vulnerable versions of Log4j as exploitation attempts stretch into a second month, Microsoft warns. According to an update to a running Microsoft security blog on the issue, sophisticated threat actors like nation-state groups and others are rolling Log4J exploitations into its […]

Read More
Log4Shell, Log4j, CVE-2021-44228

Use These Free, Publicly Available Log4j Scanning Tools

Microsoft, CrowdStrike, CISA and other organizations have released open-sourced Log4j scanning tools to help you find Log4Shell vulnerabilities.

December 29, 2021 Zachary Comeau Leave a Comment

Just in time for the holidays, the Log4j vulnerabilities sent IT and security teams into a panic earlier this month. The Apache Foundation has since fixed the bugs and issued patches, so the onus is now on software developers and administrators to patch software and apply the fixes. Since Log4j is a hugely popular Java […]

Read More
Log4Shell, Log4j, CVE-2021-44228

Yes, There Is A Third Log4j Update Out

The Apache Foundation has released 2.17.0 to address a denial-of-service vulnerability in the popular Java logging tool.

December 20, 2021 Zachary Comeau Leave a Comment

System administrators, software providers and other IT professionals are now urged to patch another vulnerability in Log4j, this time a high-severity denial-of-service vulnerability. The Apache Foundation released Log4j 2.17.0  late Friday, about a week after a critical remote code execution vulnerability was found in the popular logging tool that has impacted every corner of the […]

Read More
Log4j, Older Vulnerabilities, CISA KEV

Which Products Are Impacted By the Log4j Vulnerability?

CISA and other governments' agencies are maintaining updated lists of vendors with software impacted by the Log4j vulnerability.

December 15, 2021 Zachary Comeau Leave a Comment

Multiple governments have released a long list of IT vendors and their products that are impacted by the Log4j vulnerability, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Dutch National Cyber Security Centrum (NCSC) The two agencies are maintaining running lists of vendors impacted by the vulnerability on their respective GitHub repositories, […]

Read More
Log4j Vulnerability

What You Need To Know About The Log4j Vulnerability

We asked Paul Ducklin, principal research scientist at cybersecurity firm Sophos, about what the Log4j vulnerability means for IT pros.

December 13, 2021 Zachary Comeau Leave a Comment

The Log4J vulnerability discovered late last week continues to make lives extremely busy for IT and cybersecurity professionals and software vendors rush to investigate if their products are vulnerable and push patches out to customers while those customers investigate the hundreds of apps their organization uses to determine how exposed they are. The widely used […]

Read More
Fortinet Vulnerability, Fortigate

Critical Vulnerability in Java Logging Library Log4j Is Being Actively Exploited

The Java logging library vulnerability is impacting widely used software, with more likely to be affected, security experts say.

December 10, 2021 Zachary Comeau Leave a Comment

Security researchers have discovered a new easy-to-exploit zero-day vulnerability in the ubiquitous Java logging library Apache Log4j 2 that could give attackers the ability to execute unauthenticated remote code execution. The U.S. Cybersecurity and Infrastructure Security Agency, along with dozens of cybersecurity providers, have issued alerts and advisories of the vulnerability, CVE-2021-44228, which they warn […]

Read More