Wired

The FTC Wants Companies to Find Log4j Fast. It Won't Be Easy

On December 9, when the Apache Software Foundation disclosed a massive vulnerability in Log4j, its Java logging library, it triggered a cat-and-mouse game as IT professionals raced to secure their ...
Yahoo

What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what's at stake

Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. The software is used to record all manner of activities ...
Government Technology

Review Board Recommends Steps to Tackle Long-Term Log4J Risk

The Log4j vulnerability discovered late last year could continue putting systems at risk for “a decade or longer,” as unpatched instances linger on systems, according to a new report out this week.
VentureBeat

Device42 aims to identify Log4j vulnerabilities

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Jen Easterly, director of the Cybersecurity and Infrastructure Security ...
FedScoop

DHS board: No one used software inventories to find vulnerable Log4j deployments

WASHINGTON, DC - NOVEMBER 16: Department of Homeland Security Secretary Alejandro Mayorkas testifies during a Senate Judiciary Committee hearing in Washington, DC. (Photo by Drew Angerer/Getty Images) ...
InfoWorld

What app developers need to do now to fight Log4j exploits

Why you may already be at risk, how to detect and mitigate the Log4j vulnerabilities now, and how to improve your code security in the future. Earlier this month, security researchers uncovered a ...
Nextgov

How the Log4j Vulnerability is Forcing Change in Federal Cybersecurity Policy

Get the latest federal technology news delivered to your inbox. If there is a silver lining to all the hours cybersecurity personnel spent over the holiday break—and will continue to spend months into ...
Dark Reading

CISA's New Log4j Scanner Aims to Find Vulnerable Apps

The Cybersecurity and Infrastructure Security Agency (CISA) has released an open source scanner that businesses can use to find Web services vulnerable to Log4j remote code execution vulnerabilities ...
CSOonline

Security leaders on how to cope with stress of Log4j

The Log4j vulnerability puts great pressure on security teams already stretched thin dealing with ransomware and other attacks. This advice will help them cope. The year 2021 was unprecedented in the ...
Marketplace

Companies are scrambling to fix a dangerous vulnerability in common software

IT departments and cybersecurity specialists have been scrambling to deal with a dangerous vulnerability in a piece of software that’s very common — even though you’ve probably never heard of it. It’s ...
ZDNet

Fortinet: Log4j had nearly 50x activity volume of ProxyLogon

Cybersecurity giant Fortinet found that Log4j had nearly 50 times the activity volume compared to ProxyLogon based on peak 10-day average volume in the second half of 2021. The finding was part of the ...