Opinion
Que.com on MSNOpinion

Ex-NSA chiefs warn society is numb to cybersecurity threats

In an era where headlines about data breaches, ransomware attacks, and spyware run rampant, it’s easy to become desensitized. Former ...
Gizmodo

After Log4j, Open-Source Software Is Now a National Security Issue

The White House convened a meeting between some of tech's biggest players Thursday to discuss how the security of open-source software could be improved. Reading time 2 minutes For years, developers ...
The Record

The Apache Log4j team talks about the Log4Shell patching process

On December 9, 2021, the internet learned of a major security bug in a little-known Java library named Apache Log4j. This little bug—codenamed Log4Shell—had one of the most significant impacts on the ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers have upped the ante in their exploits of a recently-disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Attackers initially exploited ...
Game Rant

6 Things We Know So Far About Space Engineers 2

Mac is a GameRant writer, who has been gaming for over 40 years. He mostly plays multiplayer or co-op games, with the same group of friends he has played with online for 25 years. New Vrage3 engine ...
Cloud Security Alliance

New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware

Written by Shilpesh Trivedi and Nisarga C M. The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the Log4j campaign. Initially detected within our honeypot collection ...
GitHub

Regression in Log4j 2.22.0 on Android because of changes to getThreadContextClassLoader() in LoaderUtil

When upgrading an Android Application which has a transitive dependency on Log4j from log4j-core 2.21.1 to 2.22.0, it fails with an exception because it seems the method AccessController.doPrivileged( ...
CSOonline

Lazarus APT attack campaign shows Log4Shell exploitation remains popular

The ongoing attack targets manufacturing, agricultural, and physical security organizations that have yet to fix vulnerabilities in the Log4j code. Despite receiving a patch two years ago, the ...
Bleeping Computer

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. The new ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
GitHub

Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while ...

Users should refer to Maven, Ivy, Gradle, and SBT Artifacts on the Log4j website for instructions on how to include Log4j into their project using their chosen build tool.