Two years on, 1 in 4 apps still vulnerable to Log4Shell | Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time | Research | 11 Dec 2023
US government extends software security deadline because vendors aren't ready | This from the Administration that made infosec a priority | Software | 13 Jun 2023
T-Mobile US suffers second data theft within months | [in brief] Also, Capita's buckets are leaking, ransomware attackers deliver demands via emergency alert, and this week's critical vulns | Security | 08 May 2023
SBOMs should be a security staple in the software supply chain | [SCSW] Know the ingredients before mixing the code. Oh and pay open source maintainers for goodness' sake... | Software | 05 Mar 2023
Open source software has its perks, but supply chain risks can't be ignored | [Analysis] While app development is faster and easier, security is still a concern | Security | 22 Feb 2023
Miscreants sure do love ransacking cloud networks, more so than before | Thanks for putting all your data in one basket | CSO | 20 Jan 2023
Iranian cyberspies exploited Log4j to break into a US govt network | It's the gift to cybercriminals that keeps on giving | Security | 16 Nov 2022
China's infosec researchers obeyed Beijing and stopped reporting vulns ... or did they? | Report finds increase in anonymous vuln reports | Research | 27 Sep 2022
Time from vulnerability disclosures to exploits is shrinking | Palo Alto Networks Unit 42 incident response team warns of patch speedups | Security | 27 Jul 2022
Homeland Security warns: Expect Log4j risks for 'a decade or longer' | Great, another thing that's gone endemic | Patches | 14 Jul 2022
That critical vulnerability might not be the first you should patch | Startup Rezilion suggests enterprises should change prioritization strategies | Security | 30 May 2022
Software patching must work like car safety recalls, says US cyber boss | [Black Hat Asia] Adds infosec regulation coming to more industries but with a light touch, more collaboration | CSO | 13 May 2022
AWS's Log4j patches blew holes in its own security | Remote code exec is so 2014. Have this container escape and privilege escalation, instead | Patches | 20 Apr 2022
VMware Horizon platform pummeled by Log4j-fueled attacks | Miscreants deployed cryptominers, backdoors since late December, Sophos says | Security | 30 Mar 2022
Triton malware still a threat to energy sector, FBI warns | [In Brief] Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad | Security | 28 Mar 2022
Satellite comms networks on alert after US govt warning | [In Brief] Plus: Security teams burning out, more Conti leaks analysis, and Log4j still plagues enterprises | Security | 21 Mar 2022
Linux botnet exploits Log4j flaw to hijack Arm, x86 systems | On a plus side, their code's not very good | Security | 16 Mar 2022
VMware fixes vSphere release it pulled, sorts out Log4j while it's at it | Driver drama is done, new dev practices should prevent repeats, says Virtzilla | Virtualization | 28 Jan 2022
Sophos: Log4Shell would have been a catastrophe without the Y2K-esque mobilisation of engineers | Anti-malware biz weighs in on one of the worst security flaws of recent times | Security | 25 Jan 2022
Open source isn't the security problem – misusing it is | [Opinion] Security is a process, not a product | Software | 12 Jan 2022
Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz | It's not as though folks haven't been warned about this | Security | 11 Jan 2022
You better have patched those Log4j holes or we'll see what a judge has to say – FTC | Apply fixes responsibly in a timely manner or face the wrath of Lina Khan | Security | 05 Jan 2022
Alibaba Cloud slapped by Chinese ministry for mishandling Log4j | Beijing's not saying what cloudy contender did wrong | Security | 23 Dec 2021
Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability | Perpetrators' ID unknown, however | Security | 21 Dec 2021
Log4j and Omicron: Brothers in harm, mothers of invention | [Opinion] That which does not kill us can still ruin our Christmas | Columnists | 20 Dec 2021
Bad things come in threes: Apache reveals another Log4J bug | Third major fix in ten days is an infinite recursion flaw rated 7.5/10 | Security | 19 Dec 2021
Mars helicopter mission (which Apache says is powered by Log4j) overcomes separate network glitch to confirm new flight record | Ingenuity clocks up 30 minutes flying in the Martian skies | Science | 16 Dec 2021
As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others | Microsoft says cyber-spies linked to Beijing, Tehran are getting busy with security flaw along with world + dog | Security | 15 Dec 2021
CompSci boffins claim they can recreate missing lines in log files | 'Event imputation' draws on lots of other sources to fill in gaps | Applications | 15 Dec 2021
Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16 | Now open-source logging library's JNDI disabled entirely by default, message lookups removed | Security | 14 Dec 2021
Log4j doesn't just blow a hole in your servers, it's reopening that can of worms: Is Big Biz exploiting open source? | [Analysis] Would more money have prevented this security flaw? Would the cash be useful in other ways anyway? | Software | 14 Dec 2021
Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching | [Updated] This might be the bug that deserves the website, logo and book deal | Security | 13 Dec 2021
Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely used logging utility | [Updated] Prepare to have a very busy weekend of mitigating and patching | Security | 10 Dec 2021