News

CSOonline3y
Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps
even current Java 11 versions, are impacted when running a vulnerable version of log4j,” researchers from LunaSec said in a mitigation guide. “Just upgrading your Java version is insufficient ...
ZDNet3y
Security warning: New zero-day in the Log4j Java library is already being exploited
A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. Tracked as CVE ...
Ars Technica3y
Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet
Exploit code has been released for a serious code-execution vulnerability in Log4j, an open source ... due to their dependency on older versions for mod compatibility.” Reports are already ...
Bleeping Computer3y
Log4j 2.17.1 out now, fixes new remote code execution bug
Log4j users should immediately upgrade to the latest release 2.17.1 (for Java 8). Backported versions 2.12.4 (Java 7) and 2.3.2 (Java 6) containing the fix are also expected to be released shortly.
IT World Canada3y
It could take years for applications using vulnerable version of Java log4j library to be patched, says expert
Log4j is a library that helps IT administrators ... providers to apply mitigations. Adobe also says Java 7+ users should migrate to version 2.8.2 or avoid using the socket server classes.
ZDNet3y
Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability
Cyber attackers are making over a hundred attempts to exploit a critical security vulnerability in Java logging library Apache Log4j every minute, security researchers have warned. The Log4j flaw ...