MarketWatch

Top cyber official has never seen a more ‘serious vulnerability.’ Here’s what you should know about Log4j

In the months since the Apache Software Foundation announced a major security vulnerability in its Log4j 2 software library, cybersecurity experts have said they’ve seen attacks targeted across a ...
ZDNet

Security warning: New zero-day in the Log4j Java library is already being exploited

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. Tracked as ...
ZDNet

Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability

Apache said version 2.16 "does not always protect from infinite recursion in lookup evaluation" and explained that it is vulnerable to CVE-2021-45105, a denial of service vulnerability. They said the ...
Computing

Third Log4j vulnerability uncovered, Apache releases version 2.17.0

The Apache Software Foundation (ASF) has rolled out another update - version 2.17.0 - for its Java-based open-source logging library Log4j to address a third security vulnerability discovered in the ...
CSOonline

4 ways to properly mitigate the Log4j vulnerabilities (and 4 to skip)

A sure-fire way to prevent exploitation of Log4j vulnerabilities has yet to appear, but these actions are your best bet for reducing risk. The IT security community has been hard at work for the past ...