In the News

Featured

06/13/2024

Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives

Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”


12/16/2021

No one’s losing faith over open source software despite Log4Shell, says expert

IT departments and developers around the world are furiously scanning applications for evidence of the critical zero-day vulnerability in the Apache log4j2 Java-based logging library in open source code on their systems. 


12/16/2021

SHARED INTEL: Log4j vulnerability presents a gaping attack vector companies must heed in 2022

As we close out 2021, a gargantuan open-source vulnerability has reared its ugly head.


12/16/2021

NEWS INSIGHTS: THE LOG4J DISASTER

The Log4j cyber threat is being compared to the notorious Equifax hack of 2017, which affected 147 million Americans. However, the Log4j exploit has far greater reach due to the software component’s widespread adoption.


12/15/2021

Log4j vulnerability is “absolutely brutal”

A major vulnerability was discovered Thursday in the technology Log4j, which is a popular logging package in Java. 


12/15/2021

Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory

The early lessons from Log4j indicate that key security principles can help better handle these high-risk software supply chain security incidents if teams have proper support.


12/15/2021

Mass Scanning Activity for Apache’s Log4j Zero-Day Vulnerability Detected in the Wild

Hackers are actively targeting the Apache Log4j zero-day vulnerability that security researchers initially discovered on Minecraft servers running the application’s Java version.


12/15/2021

Enterprises See Exponential Growth in log4jshell Attacks

Hackers rush to exploit the vulnerability to steal data, deploy ransomware, install back doors, create botnets, mine cryptocurrencies, and conduct other illegal activities.


12/15/2021

Log4Shell Vulnerability: How DevSecOps Pros Can Mitigate Risk

A critical vulnerability in the Log4j library is impacting organizations worldwide. 


12/13/2021

227: Log4j with Steve Wilson and Sarbjeet Johal

Click here to listen to the podcast.


12/13/2021

Surag Patel, Contrast Security: a single point of code insertion can have monumental repercussions

The increasing digitalization of business processes calls not only for a safe but also a next-generation approach to application security.


12/13/2021

Critical Log4Shell security flaw lets hackers compromise vulnerable servers

Apache has patched the vulnerability in its Log4j 2 library, but attackers are searching for unprotected servers on which they can remotely execute malicious code.


12/11/2021

It could take years for applications using vulnerable version of Java log4j library to be patched, says expert

Infosec leaders around the world are being urged to heed warnings from national computer emergency teams, software suppliers and cybersecurity experts about a critical logging-related vulnerability in Apache, Apple iCloud and other business applications. 
