Log4j Archives - Help Net Security

Log4j

Recovering from a cybersecurity earthquake: The lessons organizations must learn

May 16, 2022

It’s been over a year since the SolarWinds supply chain hack sent shockwaves through thousands of organizations worldwide, but this cybersecurity earthquake is by no means …

The 15 most exploited vulnerabilities in 2021

April 28, 2022

In 2021, threat actors aggressively exploited newly disclosed critical software vulnerabilities to hit a broad set of targets worldwide, says the latest advisory published by …

Vulnerabilities that kept security leaders busy in Q1 2022

April 21, 2022

In this video for Help Net Security, Yotam Perkal, VP of Research at Rezilion, talks about the most critical vulnerabilities published during Q1 2022, and the relevant …

Log4Shell exploitation: Which applications may be targeted next?

April 5, 2022

Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from …

The not so scary truth about zero-day exploits

March 22, 2022

We don’t know what we don’t know; this is the quintessential problem plaguing security teams and the primary reason that zero-day exploits can cause such damage. …

Qualys platform study: Log4Shell, the menace continues

March 21, 2022

The anatomy of Log4Shell By now, we are all familiar with the fact that Log4Shell is just about as critical as a critical vulnerability can get – scoring a 10 out of 10 on the …

Security leaders want legal action for failing to patch for Log4j

March 2, 2022

The recently identified vulnerability in the Log4j Java logging package has created headaches for security professionals around the world. 61% of organizations responding to …

Cybercrime getting more destructive, remote workers in the crosshairs

February 28, 2022

Fortinet’s threat intelligence from the second half of 2021 reveals an increase in the automation and speed of attacks demonstrating more advanced persistent cybercrime …

How Log4Shell remediation interfered with organizations’ cybersecurity readiness

February 24, 2022

(ISC)² published the results of an online poll examining the Log4j vulnerability and the human impact of the efforts to remediate it. Cybersecurity professionals from around …

Log4Shell: A retrospective

February 15, 2022

Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and …

Log4j exploitation risk is not as high as first thought, cyber MGA says

February 11, 2022

When the Log4Shell vulnerability (CVE-2021-44228) was publicly revealed in December 2021, CISA Director Jen Easterly said that it is the “most serious” vulnerability she has …

How would zero trust prevent a Log4Shell attack?

January 27, 2022

There is a seemingly trivial solution to any remote code execution attack, namely: do not to let the inbound traffic match the pattern that triggers the vulnerability of the …

Log4j

Recovering from a cybersecurity earthquake: The lessons organizations must learn

The 15 most exploited vulnerabilities in 2021

Vulnerabilities that kept security leaders busy in Q1 2022

Log4Shell exploitation: Which applications may be targeted next?

The not so scary truth about zero-day exploits

Qualys platform study: Log4Shell, the menace continues

Security leaders want legal action for failing to patch for Log4j

Cybercrime getting more destructive, remote workers in the crosshairs

How Log4Shell remediation interfered with organizations’ cybersecurity readiness

Log4Shell: A retrospective

Log4j exploitation risk is not as high as first thought, cyber MGA says

How would zero trust prevent a Log4Shell attack?

Don't miss

How to eliminate the weak link in public cloud-based multi-party computation

GM, Zola customer accounts compromised through credential stuffing

Hijacking of popular ctx and phpass packages reveals open source security gaps

Sigstore: Signature verification for protection against supply chain attacks

Why are current cybersecurity incident response efforts failing?