CSOonline

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it. Attackers ...
The Conversation

What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what’s at stake

Santiago Torres-Arias does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations ...
CSOonline

Detect and Remediate the Exploitation of the Log4j Vulnerability

Most likely bad actors already knew about this prior to December 9 th as it’s been reported that the vulnerability was exposed much earlier in Minecraft chat forums. The vulnerability exposes how the ...
InfoWorld

Write custom appenders for log4j

statements, however. The logging system can add contextual information—filename, line number, and date, for example—to the message automatically. You can redirect the messages to different ...
InfoWorld

How developers scrambled to secure the Log4j vulnerability

A group of developers and maintainers scrambled to secure the Log4j vulnerability over the weekend, but there is still a lot of work to do to clean up the mess. Last weekend, the internet caught fire, ...
ZDNet

Apache's new security update for HTTP Server fixes two flaws

The Apache Software Foundation has released an update to address a critical flaw in its hugely popular web server that allows remote attackers to take control of a vulnerable system. The first Apache ...