On December 9, when the Apache Software Foundation disclosed a massive vulnerability in Log4j, its Java logging library, it triggered a cat-and-mouse game as IT professionals raced to secure their ...

Takeaway: Log4j, also known as the Log4Shell vulnerability, is a critical threat, and no organization should assume it is safe. Determining exposure to Log4j, and fixing vulnerabilities, should be a ...

U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely used Log4j Java logging library, could face legal repercussions, the Federal Trade ...

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...

A month after the disclosure of CVE-2021-44228, aka Log4Shell, a critical vulnerability in the Apache Log4j Java package, up to 40% of new downloads are still at risk of compromise despite the ...

The U.S. Federal Trade Commission (FTC) issued a warning on Tuesday that it intends to take legal action against companies that disclose customer information because they failed to address an ...

The U.S. Federal Trade Commission (FTC) intends to use its "full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of the Log4j ...

Microsoft updated its Dec. 11 Log4j vulnerability tools guidance on Monday, offering advice on detecting and addressing possible "Log4Shell" exploits. The announcement offered some news on the ...

Expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. Years from now, everyone in the software world will remember December 9, 2021, the day that ...

Attackers are exploiting a vulnerability in the Log4j logging platform on systems running Apache software that is written in Java and utilizes the log4j library. Critical systems will be impacted.

Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success. As expected, ...