Threat Post

Third Log4J Bug Can Trigger DoS; Apache Issues Patch

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...
CBS News

Panel finds notorious Log4j internet bug did not lead to any "significant" attacks on critical infrastructure

A panel of U.S. government officials and private-sector experts tasked with investigating the nation's major cybersecurity failures has concluded that the notorious Log4j internet bug did not prompt ...
Gizmodo

Log4j: Just How Screwed Are We?

All products featured here are independently selected by our editors and writers. If you buy something through links on our site, Gizmodo may earn an affiliate commission. Reading time 5 minutes Well, ...
Gizmodo

FTC to Companies: Patch Log4j ASAP or Suffer Our Wrath

The Federal Trade Commission has a message for companies that aren’t taking the threat posed by log4j to heart: Patch up or lawyer up. Consider yourselves warned. By now, you’ve surely heard of the ...
koaa

Colorado cybersecurity expert explains the Log4j bug that's led to 'tens of thousands' of attacks

DENVER — The Biden administration is warning of a “severe risk” from a software vulnerability known as the log4shell bug. The bug impacts the logging framework for Java, log4j, which is run on ...
Threat Post

Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug

UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software. Attackers are trying to log in to SolarWinds Serv-U file-sharing ...
Wall Street Journal

Hackers Backed by Foreign Governments See Opportunity With Log4j Bug

This transcript was prepared by a transcription service. This version may not be in its final form and may be updated. Zoe Thomas: This is your Tech News Briefing for Thursday, December 16th. I'm Zoe ...
Bleeping Computer

‘Hack DHS’ bug bounty program expands to Log4j security flaws

The Department of Homeland Security (DHS) has announced that the 'Hack DHS' program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities. "In ...
ZDNet

Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft

State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft. As predicted ...
Bleeping Computer

All Log4j, logback bugs we know so far and why you MUST ditch 2.15

Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell,' the vulnerability has already set the internet on fire. Log4j usage is rampant among many software products and multiple ...
ZDNet

Log4j added to DHS bug bounty program

Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly and Homeland Security Secretary Alejandro Mayorkas announced the expansion of the "Hack DHS" bug bounty program, noting on ...