log4shell Archives

‘Spring4Shell’ bug in framework for Java programming draws widespread warnings

Web applications created in the Spring platform could leave users open to remote code execution, CISA and others are warning.

Apr 1, 2022 By Joe Warminsky

Electronic circuit board production and computer chip fly test by robotic automated machine. (Getty Images)

In studying tech supply chain, feds cite open source products, device firmware

The White House ordered Commerce and Homeland Security to examine weak spots in how the IT and communications industries produce hardware and software.

Feb 25, 2022 By Joe Warminsky

Equinix data center — A server room run by the internet connection and data center company Equinix in Amsterdam on July 14, 2021. (Photo by SEM VAN DER WAL / ANP / AFP via Getty Images)

Google Cloud offers good news and bad news on Log4Shell, other issues

Potential intruders are still scanning for the bug every day, but the company says many vendors have been on top of fixing vulnerable instances of Log4j software.

Feb 15, 2022

Sen. Gary Peters, D-Mich., right, speaks with Sen. Rob Portman, R-Ohio, during a Senate Homeland Security and Governmental Affairs Committee hearing on June 8, 2021 in Washington, D.C. (Photo by Andrew Caballero-Reynolds-Pool / Getty Images)

CISA’s new JCDC worked as intended, witnesses say at Senate hearing on Log4Shell bug

Private-sector experts say that public-private threat sharing is key.

Feb 8, 2022 By Tonya Riley

Chinese hackers use Log4j exploit to go after academic institution

The attack is the latest strike by Chinese hackers using Log4j.

Dec 29, 2021 By Tonya Riley

CISA, DHS, Department of Homeland Security, RSA 2019, DHS patching — (Scoop News Group)

CISA, Five Eyes issue guidance meant to slow Log4Shell attacks

The joint agencies "assess that exploitation of these vulnerabilities, especially Log4Shell, is likely to increase and continue over an extended period."

Dec 22, 2021 By Tonya Riley