It’s hard to know how many systems are already compromised by the log4j security vulnerability. It may take months or even years until we know if most critical systems were patched in time.
As many have seen, the Log4Shell vulnerability, which was discovered over the weekend, is an extremely serious flaw and will likely impact organizations for years to come. Here’s what we know thus far, and how enterprises can remain safe as this vulnerability persists.
Cybersecurity leaders are concerned that attackers could further weaponize the Log4j security vulnerability by creating a "worm" that spreads automatically from one vulnerable device to another.
A Vulcan Cyber study highlights the struggle of IT security teams to transition from simple vulnerability identification to meaningful response and mitigation, limiting the risk insights business leaders and IT management professionals need to effectively protect valuable business assets.
Threat actors are actively exploiting a critical security flaw in Java logging library Apache Log4j. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services, meaning many organizations are at risk from threat actors actively exploiting this vulnerability.
CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability — CVE-2021-44077 — in Zoho ManageEngine ServiceDesk Plus
Incidents tend to happen at the seams and cracks of your organization, where the automation is incomplete, observability is not omniscient, and humans are still in the loop. Our blind spots are constantly evolving, and we must update our mental models of how to approach security accordingly.
Researchers have helped patch a high-severity-rated security flaw in a popular WordPress plugin, which could be exploited to completely wipe and reset any vulnerable WordPress website.
Salt Labs found that nearly every organization using Elastic Stack is affected by a new vulnerability, which makes users susceptible to injection attacks. Bad actors can use injection attacks to exfiltrate data and launch denial of service (DoS) events.