InfoWorld

Write custom appenders for log4j

statements, however. The logging system can add contextual information—filename, line number, and date, for example—to the message automatically. You can redirect the messages to different ...
Business Wire

Tanium: The Leading Corporate Solution to Fully Identify and Remediate Log4j Vulnerabilities

KIRKLAND, WA--(BUSINESS WIRE)--Industry experts are naming Log4j one of the most severe internet and computer vulnerabilities they have encountered. The United States Cyber Security and Infrastructure ...
Commercial Integrator

Log4j Scanning Tools Now Available for Free and Public Use

Just in time for the holidays, the Log4j vulnerabilities sent IT and security teams into a panic early last month. The Apache Foundation has since fixed the bugs and issued patches. So the onus is now ...
ZDNet

Multiple Log4j scanners released by CISA, CrowdStrike

CISA released its own Log4J scanner this week alongside a host of other scanners published by cybersecurity companies and researchers. The open-sourced Log4j scanner is derived from scanners created ...
InfoWorld

How to detect the Log4j vulnerability in your applications

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours? Yesterday the Apache Foundation released an emergency ...
ZDNet

Log4j flaw hunt shows how complicated the software supply chain really is

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...
Threat Post

Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug

UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software. Attackers are trying to log in to SolarWinds Serv-U file-sharing ...
Bleeping Computer

NVIDIA discloses applications impacted by Log4j vulnerability

NVIDIA has released a security advisory detailing what products are affected by the Log4Shell vulnerability that is currently exploited in a wide range of attacks worldwide. After a thorough ...
Bleeping Computer

Log4j 2.17.1 out now, fixes new remote code execution bug

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent ...
Gizmodo

NASA Denies It Used the Doomed Log4j in Its Mars Ingenuity Helicopter

Did log4j, the buggy software utility from hell, get NASA’s experimental Mars helicopter hacked? The answer is: Nope—according to NASA, it doesn’t even use the doomed tool. The Register originally ...
CRN

Nation-State, Ransomware Groups Using Log4j Bug In Attacks

Hackers in China, Iran, North Korea, and Turkey are capitalizing on the Log4j flaw, with Iran’s Phosphorus group modifying the exploit and China’s Hafnium group hitting virtualization infrastructure, ...