IEEE

Do Developers Depend on Deprecated Library Versions? A Mining Study of Log4j

Abstract: Log4j has become a widely adopted logging library for Java programs due to its long history and high reliability. Its widespread use is notable not only because of its maturity but also due ...
IEEE

An approach for exploiting and mitigating Log4J using Log4Shell vulnerability

Abstract: A new serious flaw has been discovered in log4j, a popular open-source tool used to produce logs within Java programs. The Log4Shell vulnerability, also referred as CVE-2021-44228, enables ...
techzine

Is React2Shell the new Log4Shell?

A vulnerability in the ubiquitous logging software Log4j caused immediate turmoil when it was revealed at the end of 2021. Detecting it proved easier said than done in the months and years that ...
cybermagazine

Google Cloud and Wiz: A Multi-Cloud Security Model

The Google/Wiz collaboration provides a cloud-native security solution that scans for risks in minutes and scales for global enterprises While cloud infrastructures offer enterprises benefits such as ...
The Record

First Cyber Safety Review Board report finds Log4j has become an 'endemic vulnerability'

The flaw uncovered late last year in the widely-used Log4j Java library will remain a danger for many years to come, the independent body charged with investigating the global incident said Thursday.
The Record

Spring confirms ‘Spring4Shell’ zero-day, releases patched update

Earlier this week, experts released details on a remote code execution (RCE) vulnerability affecting the Spring Framework. Digital Shadows co-founder James Chappell told The Record that the Spring ...
Cloud Security Alliance

New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware

Written by Shilpesh Trivedi and Nisarga C M. The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the Log4j campaign. Initially detected within our honeypot collection ...
TWCN Tech News

Java is not recognized as internal or external command

There are various instances of this issue that we get such as JAVAC’, JRE, ‘MVN’, JAR’ is not recognized as an internal or external command, operable program or batch file, ‘Java’ is not recognized as ...
GitHub

memory leak possible in log4j-core

We are running our process which uses Log4j 2.20 on Windows and Linux crashes with OutOfMemory error after about a week or in 2-3 days. The other process which uses ...
CSOonline

Lazarus APT attack campaign shows Log4Shell exploitation remains popular

The ongoing attack targets manufacturing, agricultural, and physical security organizations that have yet to fix vulnerabilities in the Log4j code. Despite receiving a patch two years ago, the ...
The Hacker News

Do You Really Trust Your Web Application Supply Chain?

Well, you shouldn't. It may already be hiding vulnerabilities. It's the modular nature of modern web applications that has made them so effective. They can call on dozens of third-party web components ...