log4j Archives

Homeland Security Secretary Alejandro Mayorkas delivers remarks outlining his vision and roadmap for the Department’s cybersecurity efforts. (U.S. Department of Homeland Security)

DHS Cyber Safety Review Board to focus on Lapsus$ hackers

DHS officials said Lapsus$ is the perfect target for the next CSRB report and described the hacking group's hacks as "ongoing."

Dec 2, 2022 By Suzanne Smalley

Students walked in front of a TV screen displaying footage of Chinese President Xi Jinping on June 23 in Hong Kong. Federal officials say Chinese state-sponsored hackers have recently grown more brazen. (Photo by Anthony Kwan/Getty Images)

Chinese state-sponsored hackers have become more brazen, prompting an NSA advisory

Chinese hackers have become increasingly brazen and are doubling down on their efforts to steal intellectual property and compromise sensitive networks, according to National Security Agency cyber…

Oct 6, 2022 By Suzanne Smalley

Chinese President Xi Jinping is seen on a big screen showing the Chinese state television CCTV evening news as the city gets ready for the upcoming centenary of the Communist Party of China on June 30, 2021 in Beijing, China. (Photo by Andrea Verdelli/Getty Images)

China could be reviewing security bugs before tech companies issue patches, DHS official says

This could give Beijing the upper hand when carrying out cyberattacks against the U.S. or its other digital adversaries.

Aug 10, 2022 By Suzanne Smalley

The U.S. Department of Homeland Security seal. (Photo by Mark Makela/Getty Images)

DHS Cyber Safety Review Board found no evidence China knew of Log4j before disclosure

The report suggests that even though risk still remains for unpatched organizations, a government-wide response helped drive mediation.

Jul 14, 2022 By Tonya Riley

Hackers find 122 vulnerabilities — 27 deemed critical — during first round of DHS bug bounty program

The findings, first reported by CyberScoop, come in the first of three phases for the DHS bug bounty program.

Apr 22, 2022

Equinix data center — A server room run by the internet connection and data center company Equinix in Amsterdam on July 14, 2021. (Photo by SEM VAN DER WAL / ANP / AFP via Getty Images)

Google Cloud offers good news and bad news on Log4Shell, other issues

Potential intruders are still scanning for the bug every day, but the company says many vendors have been on top of fixing vulnerable instances of Log4j software.

Feb 15, 2022

Sen. Gary Peters, D-Mich., right, speaks with Sen. Rob Portman, R-Ohio, during a Senate Homeland Security and Governmental Affairs Committee hearing on June 8, 2021 in Washington, D.C. (Photo by Andrew Caballero-Reynolds-Pool / Getty Images)

CISA’s new JCDC worked as intended, witnesses say at Senate hearing on Log4Shell bug

Private-sector experts say that public-private threat sharing is key.

Feb 8, 2022 By Tonya Riley

White House hosts open-source software security summit in light of expansive Log4j flaw

The meeting will combine tech leaders with feds.

Jan 13, 2022 By Tim Starks

Computer server cables — (Photo by In Pictures Ltd./Corbis via Getty Images)

Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns

The findings coincide with U.S. government efforts to slow malicious cyber activity related to the issue, which is ubiquitous in the technology sector.

Jan 11, 2022 By AJ Vicens

Close-up of code on a computer screen for the Apache Struts framework, which was exploited by computer hackers using a Remote Code Execution exploit in order to allegedly steal the personal information of millions of people from credit bureau Equifax, Oct. 2, 2017. (Photo by Smith Collection/Gado/Getty Images)

If hackers are exploiting the Log4j flaw, CISA says we might not know yet

The agency harkened back to the long delay between vulnerability discovery and the Equifax breach.

Jan 10, 2022 By Tim Starks