President of Anomali. A leader in intelligence-driven cybersecurity, an ArcSight cofounder and an Ernst & Young Entrepreneur of The Year. If you are like most security leaders, you've encountered ...

On Dec. 9, the Apache Software Foundation issued a Log4j security alert that a vulnerability (CVE-2021-44228), aka Log4Shell, allows unauthenticated users to remotely execute or update software code ...

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours? Yesterday the Apache Foundation released an emergency ...

Most likely bad actors already knew about this prior to December 9 th as it’s been reported that the vulnerability was exposed much earlier in Minecraft chat forums. The vulnerability exposes how the ...

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More There’s no way to sugarcoat it: the widespread vulnerability in Apache ...

Santiago Torres-Arias does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations ...

Attackers who want to exploit the critical remote code execution vulnerability disclosed in the Apache Log4j logging tool over four months ago still have a vast array of targets to go after. In a ...

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it. Attackers ...