Here you will find all the articles with the tag: log4j.
Docker's software supply chain becomes more secure by providing a secure container registry to mitigate inherent risks Mirantis has just launched a new product, Secure Registry 3.0, to deploy and build secure registries across any Kubernetes distribution. The in-built security features let custo... Read more
2 years ago
Google and IBM see public-private partnerships as the solution to identifying and securing vulnerable open source software. "Open source software should receive the same funding as bridges and roads", said Kent Walker, Chief Legal Officer at Google. IBM and Google presented the solution during a... Read more
2 years ago
The UK's National Health Service (NHS) has issued a warning stating that hackers are actively exploiting Log4j vulnerabilities in unpatched VMware Horizon servers. Log4j vulnerabilities are everything but a concern of the past. The problem continues to claim victims. The UK NHS recently issued a... Read more
2 years ago
Security organization JFrog has found a vulnerability in H2. The problem is similar to Log4Shell, the infamous threat in Log4j. H2 consoles on servers accessible from the outside can be abused for remote code execution (RCE). Multiple lines of code in H2 send urls to a 'javax.naming.Context.look... Read more
2 years ago
The US Consumer and Market Authority (Federal Trade Commission) is threatening fines of hundreds of millions of dollars for American organizations that fail to patch Log4j. On December 9, Alibaba's cloud security team disclosed a vulnerability in Log4j. The wildly popular Java library is applied... Read more
2 years ago
The recently released Log4j update for Microsoft 365 Defender generated a stream of false notifications. Microsoft has since fixed the problem. This week, Microsoft released an update for Microsoft 365 Defender to address the notorious chain of Log4j vulnerabilities. Unexpectedly, the update gen... Read more
2 years ago
Aquatic Panda, a China-based hacking collective, directly exploited the Log4j vulnerability to attack an undisclosed academic institution. The attack was discovered and parried by CrowdStrike's Overwatch threat-hunting specialists. According to CrowdStrike, China-based hackers launched an attack... Read more
2 years ago
Microsoft updated several Defender solutions to defend users against exploits of Log4j. Among other things, the updates allow companies to identify and resolve Log4j vulnerabilities faster. Specifically, Defender for Containers and Microsoft 365 Defender solutions underwent a change. Among other... Read more
2 years ago
Another vulnerability was discovered in Log4j. Accordingly, the Apache Foundation released a patch. Version Log4j 2.17.1 fixes a newfound method for remote code execution. The vulnerability was found in version 2.17.0 and named CVE-2021-44832. Authorization to modify the configuration file allow... Read more
2 years ago
The Biden administration is investing in open-source software security. Bloomberg reports that several open-source software providers and developers were invited to a governmental meeting in mid-January 2021. According to Bloomberg, U.S. National Security Advisor Jake Sullivan has invited key te... Read more
2 years ago
