News


Log4j: The attack tsunami has not yet materialized
Log4j Log4shell

Even if the feared mass exploitation of the Log4j / Log4Shell vulnerability has not yet taken place, the bug will be a target for attacks for years to come, according to Chester Wisniewski, Principal Research Scientist at Sophos. So far there has been no big Log4j / Log4Shell earthquake - a forensic status finding. The expert teams at Sophos have forensically analyzed the events surrounding the Log4Shell vulnerability since it was discovered in December 2021 and made an initial assessment - including a future forecast by Principal Research Scientist Chester Wisniewski and various graphics showing the exploitation of the vulnerability. The…


Log4j: Kaspersky registers 30,000 scans for vulnerabilities
Log4j Log4shell

Although the Apache Foundation released a patch shortly after the discovery of Log4j / Log4Shell, this vulnerability continues to pose a major threat to consumers and businesses. Kaspersky products blocked 30,562 attack attempts in the first three weeks of January. The vulnerability is extremely attractive to cyber criminals as it is easy to exploit and allows them to take complete control over the victim's system. Log4j: Kaspersky already blocked over 150,000 attacks. Since initial reporting, Kaspersky products have detected and blocked 154,098 attempts to scan and attack devices by targeting…


Log4j: DriveLock offers scanner on Vulnerability Management Dashboard
Log4j Log4shell

DriveLock offers its customers a scanner via the Vulnerability Management Dashboard to check whether they are affected by the Log4j or Log4Shell vulnerability at all. All you have to do is add a test string. Log4j has been on everyone's lips for several weeks. DriveLock had already commented on this in a detailed blog post on Log4j and Log4Shell. There are many descriptions of the vulnerability and criticality (CVE-2021-44228 in Apache Log4j 2) on the Internet. Nevertheless, many IT departments are already challenged with the simple question: "Am I affected at all and if so,...


Log4j alarm: this is what F-Secure says about the security gap
Log4j Log4shell

A vulnerability in the Log4j library, which was discovered on Friday, December 10th, rocked software manufacturers and service providers around the world. The weak point in the standardized method for processing log messages in software from Microsoft's Minecraft to e-commerce platforms is already under attack. It is almost impossible to describe the extent of the risk that currently exists in vulnerable applications. If a user-controlled string that targets the vulnerability is logged, the vulnerability can be exploited remotely. In simple terms, an attacker can use this vulnerability ...


UPDATE Log4j BSI: Extremely critical vulnerability in the Java library
Log4j Log4shell

The BSI publishes an update on their report: "Red warning level: Log4Shell vulnerability leads to an extremely critical threat situation" with new findings and further developments. According to the Federal Office for Information Security (BSI), the vulnerability called "Log4Shell" in the widely used Java library Log4j continues to lead to a critical IT security situation. The BSI provides up-to-date information on its special page on Log4j at . There is still no conclusive clarity as to which IT products are vulnerable to "Log4Shell". The Dutch partner authority of the BSI maintains an overview of the vulnerability status of numerous IT products,…


Log4j alarm: this is what Arctic Wolf recommends
Log4j Log4shell

IT professionals are alarmed about the Log4j security vulnerability. What is currently the greatest difficulty facing companies? Which companies are particularly hard hit and what should those responsible do now? A comment from Dr. Sebastian Schmerl, Director Security Services EMEA at Arctic Wolf. What is currently the greatest difficulty facing companies? The difficulty for many companies currently is to identify whether they are using Log4j and in which configuration. This often cannot be answered easily without active monitoring, a software inventory or vulnerability scanning. The situation is different for companies that offer solutions such as ...


Log4j alert: Chinese and Iranian government actors attack

It is the most critical vulnerability discovered in years. Countless companies around the world are vulnerable and the situation is developing rapidly. Mandiant has identified that Chinese and Iranian government actors are already exploiting the vulnerability in Log4j. Commenting on the latest findings, John Hultquist, VP of Intelligence Analysis at Mandiant, said: “We know that Chinese and Iranian government actors are exploiting this vulnerability, and we expect other state actors are doing the same or are preparing to do so. We believe these actors will act quickly to gain a foothold in coveted networks. With the…


Webinar December 17, 2021: Log4j - effectively protecting against the vulnerability
Kaspersky_news

Security provider Kaspersky invites you to a top-class webinar on the topic of the Log4j vulnerability: Protecting against the vulnerability effectively. The free webinar starts on December 17, 2021 at 14:00. On December 9th, security researchers discovered a critical vulnerability in the Apache Log4j library, which is used for millions of Java applications. Using CVE-2021-44228, also known as “Log4Shell”, attackers can execute arbitrary code and even gain full control over a system if the vulnerability is exploited on a vulnerable server. The CVE was rated 10 out of 10 for ...


Log4j alarm: this is what Kaspersky recommends 
Log4j Log4shell

A new, particularly critical vulnerability was discovered in the Apache Log4j library last week. This is used for millions of Java applications. Here are a few recommendations from the Kaspersky experts. Log4Shell - also known as LogJam and under the designation CVE-2021-44228 - is a so-called Remote Code Execution (RCE) class vulnerability. This allows attackers to execute arbitrary code and possibly gain full control over a system if it is exploited on a vulnerable server. The CVE was rated 10 out of 10 for severity. Log4j in millions of Java applications The Apache ...


BSI: Extremely critical vulnerability in the Java library Log4j 
B2B Cyber Security ShortNews

The BSI, the Federal Office for Information Security, has declared warning level red because of the Log4Shell vulnerability in the Java library Log4j. The problem creates an extremely critical threat level. According to the Federal Office for Information Security (BSI), the critical vulnerability (Log4Shell) in the widespread Java library Log4j leads to an extremely critical threat situation. The BSI has therefore upgraded its existing cyber security warning to warning level red. The reason for this assessment is the very widespread use of the affected product and the associated effects on countless other products. The weak point ...
