PC Magazine

Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit

The vulnerability allows remote code execution on servers, including those operated by Apple, Twitter, Valve, Tencent, and other major service providers. I've been writing about tech, including ...
MarketWatch

Top cyber official has never seen a more ‘serious vulnerability.’ Here’s what you should know about Log4j

In the months since the Apache Software Foundation announced a major security vulnerability in its Log4j 2 software library, cybersecurity experts have said they’ve seen attacks targeted across a ...
PC Magazine

Microsoft: State-Sponsored Hackers Are Exploiting Log4j Vulnerability

The company also warns that cybercriminal groups are exploiting the flaw, likely to launch ransomware attacks. The critical Apache Log4j 2 vulnerability is paving the way for state-sponsored hackers ...
CSOonline

4 ways to properly mitigate the Log4j vulnerabilities (and 4 to skip)

A sure-fire way to prevent exploitation of Log4j vulnerabilities has yet to appear, but these actions are your best bet for reducing risk. The IT security community has been hard at work for the past ...
ZDNet

Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability

Apache said version 2.16 "does not always protect from infinite recursion in lookup evaluation" and explained that it is vulnerable to CVE-2021-45105, a denial of service vulnerability. They said the ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...