Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. The software is used to record all manner of activities ...

President of Anomali. A leader in intelligence-driven cybersecurity, an ArcSight cofounder and an Ernst & Young Entrepreneur of The Year. If you are like most security leaders, you've encountered ...

CISA released its own Log4J scanner this week alongside a host of other scanners published by cybersecurity companies and researchers. The open-sourced Log4j scanner is derived from scanners created ...

In December 2021, a vulnerability in the open source Log4J logging service used by developers to monitor their Java applications first came to light, leaving enterprises scrambling to patch affected ...

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours? Yesterday the Apache Foundation released an emergency ...

On Dec. 9, the Apache Software Foundation issued a Log4j security alert that a vulnerability (CVE-2021-44228), aka Log4Shell, allows unauthenticated users to remotely execute or update software code ...

Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December. No surprise here: The holidays ...

You've probably already read a ton of solid technical analysis about the Log4j vulnerability. But that's not this post. Instead, this post is meant to provide some perspective from decades spent in ...

A joint security alert by CISA and the FBI has warned organizations that haven't applied much-needed Log4j security patches and mitigations to VMware Horizon server instances to assume their network ...

Santiago Torres-Arias does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations ...