Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
12/16/2021
No one’s losing faith over open source software despite Log4Shell, says expert
IT departments and developers around the world are furiously scanning applications for evidence of the critical zero-day vulnerability in the Apache log4j2 Java-based logging library in open source code on their systems.
12/16/2021
SHARED INTEL: Log4j vulnerability presents a gaping attack vector companies must heed in 2022
As we close out 2021, a gargantuan open-source vulnerability has reared its ugly head.
12/16/2021
NEWS INSIGHTS: THE LOG4J DISASTER
The Log4j cyber threat is being compared to the notorious Equifax hack of 2017, which affected 147 million Americans. However, the Log4j exploit has far greater reach due to the software component’s widespread adoption.
12/15/2021
Log4j vulnerability is “absolutely brutal”
A major vulnerability was discovered Thursday in the technology Log4j, which is a popular logging package in Java.
12/15/2021
Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory
The early lessons from Log4j indicate that key security principles can help better handle these high-risk software supply chain security incidents if teams have proper support.
12/15/2021
Mass Scanning Activity for Apache’s Log4j Zero-Day Vulnerability Detected in the Wild
Hackers are actively targeting the Apache Log4j zero-day vulnerability that security researchers initially discovered on Minecraft servers running the application’s Java version.
12/15/2021
Enterprises See Exponential Growth in log4jshell Attacks
Hackers rush to exploit the vulnerability to steal data, deploy ransomware, install back doors, create botnets, mine cryptocurrencies, and conduct other illegal activities.
12/15/2021
Log4Shell Vulnerability: How DevSecOps Pros Can Mitigate Risk
A critical vulnerability in the Log4j library is impacting organizations worldwide.
12/13/2021
Surag Patel, Contrast Security: a single point of code insertion can have monumental repercussions
The increasing digitalization of business processes calls not only for a safe but also a next-generation approach to application security.
12/13/2021
Critical Log4Shell security flaw lets hackers compromise vulnerable servers
Apache has patched the vulnerability in its Log4j 2 library, but attackers are searching for unprotected servers on which they can remotely execute malicious code.
12/11/2021
It could take years for applications using vulnerable version of Java log4j library to be patched, says expert
Infosec leaders around the world are being urged to heed warnings from national computer emergency teams, software suppliers and cybersecurity experts about a critical logging-related vulnerability in Apache, Apple iCloud and other business applications.