log4j Archives

Mirantis Secure Registry 3.0 makes repositories more secure and encrypted

January 19 2 min Trends

Docker's software supply chain becomes more secure by providing a secure container registry to mitigate inherent risks Mirantis has just launched a new product, Secure Registry 3.0, to deploy and build secure registries across any Kubernetes distribution. The in-built security features let custo...

Google and IBM want worldwide lists of essential open source software

January 14 2 min Security

Google and IBM see public-private partnerships as the solution to identifying and securing vulnerable open source software. "Open source software should receive the same funding as bridges and roads", said Kent Walker, Chief Legal Officer at Google. IBM and Google presented the solution during a...

UK NHS warns of Log4j vulnerability in VMware Horizon

January 10 2 min Security

The UK's National Health Service (NHS) has issued a warning stating that hackers are actively exploiting Log4j vulnerabilities in unpatched VMware Horizon servers. Log4j vulnerabilities are everything but a concern of the past. The problem continues to claim victims. The UK NHS recently issued a...

Security researchers find new Log4Shell in H2 database software

January 7 1 min Security

Security organization JFrog has found a vulnerability in H2. The problem is similar to Log4Shell, the infamous threat in Log4j. H2 consoles on servers accessible from the outside can be abused for remote code execution (RCE). Multiple lines of code in H2 send urls to a 'javax.naming.Context.look...

Failed to patch Log4j? You might be risking a million-dollar penalty

January 5 2 min Security

The US Consumer and Market Authority (Federal Trade Commission) is threatening fines of hundreds of millions of dollars for American organizations that fail to patch Log4j. On December 9, Alibaba's cloud security team disclosed a vulnerability in Log4j. The wildly popular Java library is applied...

Log4j update in Microsoft 365 Defender causes stream of false notifications

December 31 1 min Security

The recently released Log4j update for Microsoft 365 Defender generated a stream of false notifications. Microsoft has since fixed the problem. This week, Microsoft released an update for Microsoft 365 Defender to address the notorious chain of Log4j vulnerabilities. Unexpectedly, the update gen...

China-based Aquatic Panda hackers actively exploit Log4j

December 30 2 min Security

Aquatic Panda, a China-based hacking collective, directly exploited the Log4j vulnerability to attack an undisclosed academic institution. The attack was discovered and parried by CrowdStrike's Overwatch threat-hunting specialists. According to CrowdStrike, China-based hackers launched an attack...

Microsoft issues Defender updates to address Log4j vulnerability

December 29 1 min Security

Microsoft updated several Defender solutions to defend users against exploits of Log4j. Among other things, the updates allow companies to identify and resolve Log4j vulnerabilities faster. Specifically, Defender for Containers and Microsoft 365 Defender solutions underwent a change. Among other...

Apache releases new patch 2.17.1 for Log4j vulnerability

December 29 1 min Security

Another vulnerability was discovered in Log4j. Accordingly, the Apache Foundation released a patch. Version Log4j 2.17.1 fixes a newfound method for remote code execution. The vulnerability was found in version 2.17.0 and named CVE-2021-44832. Authorization to modify the configuration file allow...

The White House invests in open-source software security

December 27 1 min Security

The Biden administration is investing in open-source software security. Bloomberg reports that several open-source software providers and developers were invited to a governmental meeting in mid-January 2021. According to Bloomberg, U.S. National Security Advisor Jake Sullivan has invited key te...

Log4j 2.16 vulnerable to DoS attacks, emergency patch 2.17 advised

December 20 2 min Security

The impact of the infamous vulnerability in Java library Log4j drags on. Although the initial issue was resolved with patches 2.14, 2.15 and 2.16, the latter version appears to be susceptible to abuse as well. Security researchers found an entrance for Denial of Service (DoS) attacks. Log4j 2.17 wa...

Log4j 2.15 is not foolproof; Apache publishes second emergency patch

December 15 2 min Security

The emergency patch for the infamous vulnerability in Java library Log4j is not foolproof. Its developer, Apache Software Foundation, publishes a new version (2.16) in hopes of eliminating the vulnerability once and for all. A severe vulnerability in an extremely popular Java library puts the gl...

Cookie	Type	Duration	Description
_ga	persistent	2 years	Basic Google Analytics cookie for identifying visitors on our website. We run a limited version of Google Analytics for visitors that haven't agreed on any cookies yet, where data is anonymized and marketing features are disabled.
_gid	persistent	1 day	Basic Google Analytics cookie for identifying visitors on our website. We run a limited version of Google Analytics for visitors that haven't agreed on any cookies yet, where data is anonymized and marketing features are disabled.
cli_user_preference	persistent	1 year	This cookie makes this cookie bar work. Your cookie preferences are saved in cookies, so we remember your preferences during your next visit.
cookielawinfo*	persistent	1 year	These cookies make this cookie bar work. Your cookie preferences are saved in cookies, so we remember your preferences during your next visit.
darkmode	persistent	1 year	This cookie decides if the website should be turned to darkmode or can stay normal.
hidecountry	persistent	1 year	This cookie is set when you are visiting Techzine from a different country than it's target market. You can get the advise to visit the local Techzine version, if you close this message, you won't be reminded because of this cookie.
PHPSESSID	session	1 day	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	persistent	1 year	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_*	session	30 days	Wordpress uses multiple cookies so the editorial team can log into the back-end. Visitors usually don't get these cookies.
wp-*	session	30 days	Wordpress uses multiple cookies so the editorial team can log into the back-end. Visitors usually don't get these cookies.

Cookie	Type	Duration	Description
crp_lastvisit	third party	1 year	This cookie is also part of the personalised feed, we keep track of when you visit and when you last visited. Based on those dates we can offer you a better overview of articles you have mist in the meanwhile you were gone.
crp_visit	third party	1 year	This cookie is also part of the personalised feed, we keep track of when you visit and when you last visited. Based on those dates we can offer you a better overview of articles you have mist in the meanwhile you were gone.
crph	third party	1 year	This cookie contains the hash of the contentreveal platform, which Techzine uses to offer newsletter and personalisation services. Without this cookie you can not use your personal feed or edit your Techzine account details.

Cookie	Type	Duration	Description
__cfduid	third party	Very short	This cookie is being used by our e-mail system to track users across our website.
_gat_*	session	1 minute	Google Analytics uses this cookie. With this cookie, we still cannot see any personal information. We can, however, better understand our visitors, for example, from which countries and cities they come.
cmp*	third party	30 days	This cookie is being used by our e-mail system to track users across our website.
prism_*	third party	30 days	This cookie is being used by our e-mail system to track users across our website.

Cookie	Type	Duration	Description
bcookie	third party	2 years	This cookie is used by LinkedIn Insight to track which profiles are visiting Techzine. LinkedIn Insight gives us insight in the company sectors and function titles that visit the website. We cannot identify individual users based on these statistics.
bscookie	persistent	2 years	This cookie is used by LinkedIn Insight to track which profiles are visiting Techzine. LinkedIn Insight gives us insight in the company sectors and function titles that visit the website. We cannot identify individual users based on these statistics.
lang	third party	Very short	This cookie is used by LinkedIn Insight to track which profiles are visiting Techzine. LinkedIn Insight gives us insight in the company sectors and function titles that visit the website. We cannot identify individual users based on these statistics.
lidc	third party	1 day	This cookie is used by LinkedIn Insight to track which profiles are visiting Techzine. LinkedIn Insight gives us insight in the company sectors and function titles that visit the website. We cannot identify individual users based on these statistics.
UserMatchHistory	third party	30 days	This cookie is used by LinkedIn Insight to track which profiles are visiting Techzine. LinkedIn Insight gives us insight in the company sectors and function titles that visit the website. We cannot identify individual users based on these statistics.

Tag: log4j