ZDNet

Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability

Apache said version 2.16 "does not always protect from infinite recursion in lookup evaluation" and explained that it is vulnerable to CVE-2021-45105, a denial of service vulnerability. They said the ...
Homeland Security Today

CISA, FBI, NSA, and International Partners Issue Advisory to Mitigate Apache Log4J Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian ...
Threat Post

Third Log4J Bug Can Trigger DoS; Apache Issues Patch

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...
VentureBeat

Log4j vulnerabilities, malware strains multiply; major attack disclosed

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More As cybersecurity teams grapple with having to potentially patch their ...
Dark Reading

Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

The widespread vulnerability that first appeared in Apache Log4j in 2021 will continue to be exploited, potentially even in worse ways than we've seen to date. The more worrisome aspect of these ...
ZDNet

After Log4j, White House fears the next big open source vulnerability

The White House is holding a meeting today with Apache, Google, Apple, Amazon, and other major tech organizations to discuss software security and open source tools. This comes in the wake of the ...