News

The Log4j code is contained in hundreds of enterprise software packages, appliances, tools, and cloud services, added Bryson Bort, founder and CEO of cybersecurity vendor SCYTHE.
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On ...
In response to CISA, and using its integration with PowerBI, Device42 has built dashboards designed to help IT teams find and remediate Log4j issues in real time.
Another 3.8% use Log4j 2.17.0, which, although not vulnerable to Log4Shell, is susceptible to CVE-2021-44832, a remote code execution flaw that was fixed in version 2.17.1 of the framework.
"With Log4j, preventing the entire class of bugs that cause it is going to be hard with today's technology, but stuff like fuzzing and safe-by-default language/library design can help a lot.
Log4j isn’t the only open-source debacle to occur lately. Just last week, the creator of two widely used software tools decided to inexplicably disable them via a number of bizarre software updates.
The Log4j crisis continues, with new developments almost daily. Among the latest developments: Apache has issued a third update to correct bugs in the Java-based logging library for open source ...
Log4j is an open-source project of the Apache Software Foundation. This Java-based system provides logging services and is incorporated into a number of other projects and products, such as many ...
The post Apache issues fifth patch this month to close another bug in Log4j first appeared on IT World Canada.
Boards should also ask 'what's our plan?' and understand how Log4j issues will be remedied. Boards should understand this will take weeks or months to remediate, not days.