Bleeping Computer

Public interest in Log4Shell fades but attack surface remains

It’s been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is ...
ZDNet

Log4j flaw: Why it will still be causing problems a decade from now

Despite a well-coordinated effort to rally organizations to patch to the major open-source software flaw, cybersecurity officials don't see an end to the Log4Shell problems for at least a decade. That ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
SDxCentral

Homeland Security Warns Log4j’s 'Endemic' Threats for Years to Come

"Log4j is an ‘endemic vulnerability’ and vulnerable instances of Log4j will remain in systems for many years to come," the Cyber Safety Review Board noted. The U.S. Department of Homeland Security ...
Dark Reading

DHS Review Board Deems Log4j an 'Endemic' Cyber Threat

The US Department of Homeland Security's Cyber Safety Review Board (CSRB) has concluded that the Apache Log4j vulnerability disclosed in December 2021 will remain a significant risk to organizations ...