Vulnerability


  • Log4j raises cyber risk for public finance entities, Fitch warns

    Local agencies and critical sites face increased operational and financial risk as the vulnerability opens organizations to ransomware or other malicious activity. 

    By Jan. 19, 2022
  • Extracting portions of open source in software development threatens app security

    While companies employ safeguards to detect flaws in applications, the likelihood of organizations running a complete database of all the places a vulnerability lives is slim.

    By Jan. 19, 2022
  • Cobalt Strike targets VMware Horizon after UK warnings of Log4Shell threats

    Researchers say the threat emulation tool may endanger thousands of vulnerable servers.

    By Jan. 18, 2022
  • Big tech pushes White House for open source funding, standards after Log4j

    Technology officials are calling on cross-sector collaboration to prevent a recurrence of a Log4j-style security crisis. 

    By Jan. 14, 2022
  • Microsoft pushes patch for wormable HTTP vulnerability, exploitation undetected so far

    An attacker does not need to interact with a user or have privileged access to infect a system. 

    By Jan. 13, 2022
  • Log4j threat activity limited, but CISA says actors lay in wait

    Microsoft is warning about new activity from a threat actor exploiting the vulnerability in VMware Horizon to deploy ransomware.

    By Jan. 11, 2022
  • Log4Shell threat activity targeting VMware Horizon, UK researchers warn

    NHS Digital warned unknown threat actors are targeting the servers in order to create web shells and enable future data theft, ransomware or other attacks.

    By Jan. 10, 2022
  • FTC threatens enforcement on firms lax about Log4j vulnerability

    The FTC warning underscores a commitment by federal regulators to ensure a more secure environment for enterprise and consumer software, according to legal experts and industry analysts. 

    By Jan. 5, 2022
  • Log4j activity expected to play out well into 2022

    As industry returns from the holiday break, organizations are assessing potential security threats from Log4j, ranging from coin miners to hands-on-keyboard attacks.

    By Jan. 4, 2022
  • US allies call for Log4j vigilance as organizations struggle to detect vulnerabilities

    The Five Eyes partners are warning about bad actors taking advantage of the holiday break to launch attacks.

    By Dec. 23, 2021
  • Organizations still downloading vulnerable Log4j versions

    Log4j vulnerabilities impacted more than 17,000 Java packages, representing about 4% of the ecosystem, researchers found.

    By Dec. 22, 2021
  • Exploits underway for Zoho ManageEngine zero day, compromising enterprises, MSPs

    CISA added the latest ManageEngine vulnerability to its exploit catalog and required government agencies to issue a patch by Dec. 24. 

    By Dec. 21, 2021
  • Federal authorities brace for long holiday as Log4j threat activity rises

    CISA warned civilian agencies to immediately patch systems before Christmas break as researchers see an increase in malicious activity targeting organizations worldwide.

    By Dec. 20, 2021
  • Log4j and the problem with trusting open source

    Open source isn't the issue — companies need mechanisms to ensure the integrity of the software and code they adopt.

    By Dec. 20, 2021
  • Log4j: What we know (and what's yet to come)

    The vulnerability has upended federal officials and the infosec industry, putting hundreds of millions of devices and systems at risk. 

    By Dec. 17, 2021
  • Log4j attacks poised to rise as threat actors search for attack vectors

    Microsoft warns that threat actors are using third-party hosted Minecraft servers to launch ransomware attacks. The company also warned that access brokers are getting into the game.

    By Dec. 16, 2021
  • Security teams prepare for the yearslong threat Log4j poses

    Industry is still investigating the full extent of the vulnerability, which limits the actions security teams can immediately take. 

    By Dec. 16, 2021
  • Log4j threat expands as second vulnerability emerges and nation states pounce

    Early stage ransomware attempts are underway and federal officials are urging organizations to take immediate steps to protect IT systems.

    By Dec. 15, 2021
  • Log4j under siege, millions of devices vulnerable

    Technology firms are scrambling to investigate and patch their systems amid reports of more than 800,000 attempted attacks.

    By Dec. 14, 2021
  • Federal authorities, technology vendors race to contain Log4j vulnerability

    The vulnerability is considered to be among the most dangerous over the past decade, according to security researchers.

    By Dec. 13, 2021
  • Is the security of legacy IT providers prompting a confidence crisis?

    Research commissioned by CrowdStrike found security professionals are losing confidence in providers like Microsoft amid the rise in supply chain attacks. Microsoft has thoughts. 

    By Dec. 8, 2021
  • Tech adoption makes construction industry top target for cyberattacks

    Companies like Shawmut emphasize strengthening security, as a new report finds that contractors are at high risk for ransomware and other threats.

    By Sebastian Obando • Dec. 2, 2021
  • Gartner guidance moves away from prioritizing critical CVEs, focuses on exploitability

    The analyst firm joined CISA in rethinking CVEs. Focusing on actively exploited vulnerabilities will exponentially improve security, a Gartner analyst said. 

    By Nov. 18, 2021
  • 30K Microsoft Exchange Servers remain vulnerable to new tactics

    Organizations have failed to patch widely exploited vulnerabilities, though patches were made available in the spring, Mandiant researchers found.

    By Nov. 18, 2021
  • A year after SolarWinds, third-party risk still threatens the software supply chain

    Digital transformation requirements have pressured organizations to introduce risk into their environments through open source or commercially available software.

    By Nov. 12, 2021