如果你多少关注信息安全资讯，或许在最近几天已经频繁听到 Log4Shell 这个漏洞的名字——或者一些更具传播性的说法，诸如「互联网正在着火」「过去十年最严重的漏洞」「现代计算机历史上最大漏洞」「难以想到哪家公司不受影响」之类（参见《洛杉矶时报 ...

「互联网正在着火」？ 如果你多少关注信息安全资讯，或许在最近几天已经频繁听到Log4Shell这个漏洞的名字——或者一些更具传播性的说法，诸如「互联网正在着火」「过去十年最严重的漏洞」「现代计算机历史上最大漏洞」「难以想到哪家公司不受影响」之类 ...

The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Jen Easterly, the director of the Cybersecurity and Infrastructure ...

The flaw in the application-logging component Log4j known as "Log4Shell" should have been patched by organisations months ago, but some systems that haven't been patched with available updates are ...

The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining ...

Log4Shell is a vulnerability found in the feature 'JNDI Lookup' that has been included since version 2.0 beta 9 of Log4j, which dynamically reads a class file from any LDAP server with a specific ...

Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments ...

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what’s vulnerable, what an attack looks like and to how to ...

In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a critical issue with a similar root cause. JFrog explained that the Java Naming and ...