ZDNet

Log4j flaw attack levels remain high, Microsoft warns

Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December.
SDxCentral

Homeland Security Warns Log4j’s 'Endemic' Threats for Years to Come

"Log4j is an ‘endemic vulnerability’ and vulnerable instances of Log4j will remain in systems for many years to come," the Cyber Safety Review Board noted. The U.S. Department of Homeland Security ...
Dark Reading

The Log4j Flaw Will Take Years to Be Fully Addressed

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly and will require coordination between different project teams to address the flaw. A ...
ZDNet

Log4j flaw hunt shows how complicated the software supply chain really is

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...
The Conversation

What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what’s at stake

Santiago Torres-Arias does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations ...
PC Magazine

What Is the Log4j Exploit, and What Can You Do to Stay Safe?

Hackers could take control of millions of servers, shutting them down or forcing them to spew malware due to widely-used faulty code. Here's how it happened, and what can you do to protect yourself.