Major Government Attack Highlights How Log4j is Still Unresolved

By Luke Mcbride on March 11, 2022 vulnerabilities

4 minute read time

Despite all the attention and effort so far this year, this open source vulnerability found its first major victim in multiple U.S. state governments.

Java Serialisation - the gift that keeps on taking (Part 1)

By Steve Poole on March 11, 2022 java

6 minute read time

Log4Shell impels us to review the reasons Java needs serialisation, how to use it safely and what other options exist. Part 1 examines the design

Wicked Good Development - Cybersecurity Experts Talk Log4J, Open Source and More

By Kadi Grigg on February 04, 2022 Everything Open Source

34 minute read time

3 experts with different views on the world of software talk about the latest in development news. Today's episode: Log4j, White House and Open Source

New Log4j 1.x CVEs, and critical Chainsaw Vulnerability — What to Do?

By Ax Sharma on January 21, 2022 vulnerabilities

5 minute read time

Apache disclosed 3 vulns impacting Log4j 1.x versions, which included info on a critical Apache Chainsaw vulnerability buried within.

FTC Warning in Wake of Log4j: Secure Your Software Supply Chain

By Andrew Yorra on January 06, 2022 legal

3 minute read time

Organizations not addressing Log4Shell issues are looking at more than downtime or reputation damage. U.S. regulators are considering lawsuits to enforce security.

How Large Organizations Can Easily Scan for Log4j Vulnerabilities

By Rishav Mishra on December 31, 2021 Nexus Lifecycle

7 minute read time

Large orgs looking for the Log4j vulnerability in 1000s of apps can be more effective and efficient with Nexus Lifecycle and Easy SCM Onboarding.

Log4j 2.17.1 fixes another code execution bug, but should you worry?

By Ax Sharma on December 29, 2021 vulnerabilities

7 minute read time

News of another possible open source vulnerability connected to Log4j raised eyebrows. A look at the issue, its disclosure, and our response.

How Much Should the Federal Government Worry About Log4j?

By Jason Nalewak on December 22, 2021 vulnerabilities

7 minute read time

As the world worries about the Log4j exploit, we look at how the US Federal Government is responding - and how worried it should be about this vulnerability.

Log4j Exploits Are Now Being Used to Spread Dridex Banking Trojan

By Ax Sharma on December 21, 2021 vulnerabilities

5 minute read time

Log4Shell exploits are now being leveraged by threat actors to infect Windows machines with the Dridex Trojan and Linux devices with Meterpreter.