InfoWorld

Log4j orthogonality by example

Orthogonality is a concept often used to describe modular and maintainable software, but it’s more easily understood by way of a case study. In this article, Jens Dietrich demystifies orthogonality ...
Threat Post

Third Log4J Bug Can Trigger DoS; Apache Issues Patch

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...
ZDNet

Aquatic Panda infiltrated academic institution through Log4j vulnerability, says CrowdStrike

Cybersecurity company CrowdStrike has discovered an attempt by a China-based group to infiltrate an academic institution through the Log4j vulnerability. CrowdStrike called the group "Aquatic Panda" ...
ZDNet

After Log4j, White House fears the next big open source vulnerability

The White House is holding a meeting today with Apache, Google, Apple, Amazon, and other major tech organizations to discuss software security and open source tools. This comes in the wake of the ...
PC Magazine

Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit

The vulnerability allows remote code execution on servers, including those operated by Apple, Twitter, Valve, Tencent, and other major service providers. I've been writing about tech, including ...
Searchenginejournal.com

Catastrophic Log4j Security Fail Threatens Enterprise Systems & Web Apps Worldwide

A serious code execution vulnerability in Log4j has security experts warning of potentially catastrophic consequences for enterprise organizations and web apps. A serious code execution vulnerability ...
Threat Post

Log4J-Related RCE Flaw in H2 Database Earns Critical Rating

Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat. Researchers discovered a bug related to the Log4J logging library ...
Wired

The FTC Wants Companies to Find Log4j Fast. It Won't Be Easy

On December 9, when the Apache Software Foundation disclosed a massive vulnerability in Log4j, its Java logging library, it triggered a cat-and-mouse game as IT professionals raced to secure their ...
CRN

Log4j Exploit Is ‘A Fukushima Moment’ For Cybersecurity: Tenable CTO

‘We’re discovering new apps every minute which use Log4j in one way or another. It affects not only the code you build, but also the third-party systems you have in place,’ writes Tenable CTO Renaud ...
TechRepublic

How to test if your Linux server is vulnerable to Log4j

How to test if your Linux server is vulnerable to Log4j Your email has been sent Log4j is a serious vulnerability that has swept across the IT landscape quickly. Here ...
Hackaday

This Week In Security: The Log4j That Won’t Go Away, WebOS, And More

In the past two weeks, Log4j has continued to drive security news, with more vulnerable platforms being found, and additional CVEs coming out. First up is work done by TrendMicro, looking at electric ...