Wired

The FTC Wants Companies to Find Log4j Fast. It Won't Be Easy

On December 9, when the Apache Software Foundation disclosed a massive vulnerability in Log4j, its Java logging library, it triggered a cat-and-mouse game as IT professionals raced to secure their ...
Times Union

What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what's at stake

Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. The software is used to record all manner of activities ...
Threat Post

Log4j Exploit: Lessons Learned and Risk Reduction Best Practices

On-demand Event: Watch NOW to learn why the Log4j vulnerability is so severe and easy steps you can take to mitigate your risk. On-demand Event: Watch NOW to learn why the Log4j vulnerability remains ...
ZDNet

CISA director: 'We have not seen significant intrusions' from Log4j -- yet

Officials with the US Cybersecurity and Infrastructure Security Agency (CISA) said on Monday that they have not seen the exploitation of Log4Shell result in significant intrusions since the ...
VentureBeat

Many orgs are still failing to address Log4j — here’s why

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Out of all the vulnerabilities discovered ...
Dark Reading

Attackers Exploit Log4j Flaws in Hands-on-Keyboard Attacks to Drop Reverse Shells

Microsoft this week warned organizations about the high potential for threat actors to expand the use of the recently discovered remote code execution (RCE) vulnerabilities in the Apache Log4j logging ...