CBS News

Panel finds notorious Log4j internet bug did not lead to any "significant" attacks on critical infrastructure

A panel of U.S. government officials and private-sector experts tasked with investigating the nation's major cybersecurity failures has concluded that the notorious Log4j internet bug did not prompt ...
Threat Post

Third Log4J Bug Can Trigger DoS; Apache Issues Patch

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...
Popular Science

What to know about the latest cybersecurity bug in log4j

Breakthroughs, discoveries, and DIY tips sent every weekday. Terms of Service and Privacy Policy. On Saturday, the US Cybersecurity and Infrastructure Security Agency ...
Wall Street Journal

Major Cyber Bug in Log4j to Persist as ‘Endemic’ Risk for Years to Come, U.S. Government Board Finds

The Log4j vulnerability in open-source software came as a shock to many when it came to light at the end of 2021. How can cyber professionals protect their organizations? WASHINGTON—A major ...
The Boston Globe

Emerging ‘Log4j’ software bug spawns worldwide worry over cyber attacks

A bug discovered last week in a bit of software called “Log4j” could be the most dangerous threat to computer network security in years. Governments and businesses worldwide are scrambling to patch ...
Gizmodo

Log4j: Just How Screwed Are We?

Well, it’s certainly been a year for cyber debacles, so, sure, why not tie things off with a nice, fat security vulnerability that affects almost everything on the internet? That sounds about right.
Threat Post

Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug

UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software. Attackers are trying to log in to SolarWinds Serv-U file-sharing ...
New Scientist

Log4j software bug is 'severe risk' to the entire internet

A major security flaw has been discovered in a piece of software called Log4j, which is used by millions of web servers. The bug leaves them vulnerable to attack, and teams around the world are ...
ZDNet

Log4j added to DHS bug bounty program

Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly and Homeland Security Secretary Alejandro Mayorkas announced the expansion of the "Hack DHS" bug bounty program, noting on ...
The Next Web

The Log4j bug exposes a bigger issue: Open-source funding (Updated)

Update (December 14 ,2021): We’ve updated this article with information about the new Log4j version release, along with new exploit vectors, and risks related to all Java versions. While you were ...
techtimes

Minecraft Vulnerability Spotted | How to Fix Log4j Bug

A newly discovered vulnerability is now posing a huge threat towards Java versions of Minecraft, making it possible to execute malicious code on servers as well as end-user devices that are playing ...