Vulnerability: Page 3


  • Cybersecurity outlook for 2022

    Nation-state cyberthreats and Log4j have the security community on high alert; organizations need to master response and remediation.  

    By Feb. 14, 2022
  • Log4j highlights ongoing cyber risk from free, open source software: Moody's

    Limited investment and slow remediation response continue to challenge open source software.

    By Feb. 11, 2022
  • Critical SAP vulnerabilities spur CISA, researcher pleas for urgent patching

    Onapsis security researchers warn attackers could take full control of systems to steal data, disrupt critical business functions and launch ransomware.

    By Feb. 10, 2022
  • Apache tells US Senate committee the Log4j vulnerability could take years to resolve

    While a software bill of materials could improve supply chain security, users still download vulnerable versions of software. 

    By Feb. 9, 2022
  • NIST targets software supply chain with guidance on security standards

    Guidelines call for developers to attest they use secure software practices.

    By Feb. 7, 2022
  • Sponsored by Enzoic

    In 2022, you can no longer afford to ignore credential security

    Credentials are among the most sought-after targets by hackers due to the low risk and high rewards.

    Jan. 31, 2022
  • Blackberry links initial access broker activity to Log4Shell exploit in VMware Horizon

    The threat actor primarily installed cryptomining software onto affected systems. In some cases, however, it deployed Cobalt Strike beacons, Blackberry found.

    By Jan. 26, 2022
  • Log4j raises cyber risk for public finance entities, Fitch warns

    Local agencies and critical sites face increased operational and financial risk as the vulnerability opens organizations to ransomware or other malicious activity. 

    By Jan. 19, 2022
  • Extracting portions of open source in software development threatens app security

    While companies employ safeguards to detect flaws in applications, the likelihood of organizations running a complete database of all the places a vulnerability lives is slim.

    By Samantha Schwartz • Jan. 19, 2022
  • Cobalt Strike targets VMware Horizon after UK warnings of Log4Shell threats

    Researchers say the threat emulation tool may endanger thousands of vulnerable servers.

    By Jan. 18, 2022
  • Big tech pushes White House for open source funding, standards after Log4j

    Technology officials are calling on cross-sector collaboration to prevent a recurrence of a Log4j-style security crisis. 

    By Jan. 14, 2022
  • Microsoft pushes patch for wormable HTTP vulnerability, exploitation undetected so far

    An attacker does not need to interact with a user or have privileged access to infect a system. 

    By Samantha Schwartz • Jan. 13, 2022
  • Log4j threat activity limited, but CISA says actors lay in wait

    Microsoft is warning about new activity from a threat actor exploiting the vulnerability in VMware Horizon to deploy ransomware.

    By Jan. 11, 2022
  • Log4Shell threat activity targeting VMware Horizon, UK researchers warn

    NHS Digital warned unknown threat actors are targeting the servers in order to create web shells and enable future data theft, ransomware or other attacks.

    By Jan. 10, 2022
  • FTC threatens enforcement on firms lax about Log4j vulnerability

    The FTC warning underscores a commitment by federal regulators to ensure a more secure environment for enterprise and consumer software, according to legal experts and industry analysts. 

    By Jan. 5, 2022
  • Log4j activity expected to play out well into 2022

    As industry returns from the holiday break, organizations are assessing potential security threats from Log4j, ranging from coin miners to hands-on-keyboard attacks.

    By Jan. 4, 2022
  • US allies call for Log4j vigilance as organizations struggle to detect vulnerabilities

    The Five Eyes partners are warning about bad actors taking advantage of the holiday break to launch attacks.

    By Dec. 23, 2021
  • Organizations still downloading vulnerable Log4j versions

    Log4j vulnerabilities impacted more than 17,000 Java packages, representing about 4% of the ecosystem, researchers found.

    By Dec. 22, 2021
  • Exploits underway for Zoho ManageEngine zero day, compromising enterprises, MSPs

    CISA added the latest ManageEngine vulnerability to its exploit catalog and required government agencies to issue a patch by Dec. 24. 

    By Samantha Schwartz • Dec. 21, 2021
  • Federal authorities brace for long holiday as Log4j threat activity rises

    CISA warned civilian agencies to immediately patch systems before Christmas break as researchers see an increase in malicious activity targeting organizations worldwide.

    By Dec. 20, 2021
  • Log4j and the problem with trusting open source

    Open source isn't the issue — companies need mechanisms to ensure the integrity of the software and code they adopt.

    By Samantha Schwartz • Dec. 20, 2021
  • Log4j: What we know (and what's yet to come)

    The vulnerability has upended federal officials and the infosec industry, putting hundreds of millions of devices and systems at risk. 

    By Dec. 17, 2021
  • Log4j attacks poised to rise as threat actors search for attack vectors

    Microsoft warns that threat actors are using third-party hosted Minecraft servers to launch ransomware attacks. The company also warned that access brokers are getting into the game.

    By Dec. 16, 2021
  • Security teams prepare for the yearslong threat Log4j poses

    Industry is still investigating the full extent of the vulnerability, which limits the actions security teams can immediately take. 

    By Samantha Schwartz • Dec. 16, 2021
  • Log4j threat expands as second vulnerability emerges and nation states pounce

    Early stage ransomware attempts are underway and federal officials are urging organizations to take immediate steps to protect IT systems.

    By Dec. 15, 2021