Wired

The FTC Wants Companies to Find Log4j Fast. It Won't Be Easy

On December 9, when the Apache Software Foundation disclosed a massive vulnerability in Log4j, its Java logging library, it triggered a cat-and-mouse game as IT professionals raced to secure their ...
Government Technology

Review Board Recommends Steps to Tackle Long-Term Log4J Risk

The Log4j vulnerability discovered late last year could continue putting systems at risk for “a decade or longer,” as unpatched instances linger on systems, according to a new report out this week.
VentureBeat

Device42 aims to identify Log4j vulnerabilities

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Jen Easterly, director of the Cybersecurity and Infrastructure Security ...
ZDNet

Log4j flaw: This new threat is going to affect cybersecurity for a long time

If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described ...
FedScoop

DHS board: No one used software inventories to find vulnerable Log4j deployments

WASHINGTON, DC - NOVEMBER 16: Department of Homeland Security Secretary Alejandro Mayorkas testifies during a Senate Judiciary Committee hearing in Washington, DC. (Photo by Drew Angerer/Getty Images) ...
ZDNet

Log4j flaw: Why it will still be causing problems a decade from now

Despite a well-coordinated effort to rally organizations to patch to the major open-source software flaw, cybersecurity officials don't see an end to the Log4Shell problems for at least a decade. That ...
TechRepublic

Log4j: How to protect yourself from this security vulnerability

The Log4j security vulnerability known as Log4Shell is shaping up to be one of the worst security flaws of the year, potentially affecting millions of applications and painting a bullseye on unpatched ...
InfoWorld

What app developers need to do now to fight Log4j exploits

Why you may already be at risk, how to detect and mitigate the Log4j vulnerabilities now, and how to improve your code security in the future. Earlier this month, security researchers uncovered a ...
Dark Reading

Log4j: Getting From Stopgap Remedies to Long-Term Solutions

While the worst of Log4Shell may be behind us and much work remains, let's say "Well done" to the security engineers and managers who labored in the trenches in recent weeks. But if you thought the ...
Dark Reading

CISA's New Log4j Scanner Aims to Find Vulnerable Apps

The Cybersecurity and Infrastructure Security Agency (CISA) has released an open source scanner that businesses can use to find Web services vulnerable to Log4j remote code execution vulnerabilities ...
Marketplace

Companies are scrambling to fix a dangerous vulnerability in common software

IT departments and cybersecurity specialists have been scrambling to deal with a dangerous vulnerability in a piece of software that’s very common — even though you’ve probably never heard of it. It’s ...