ZDNet

JFrog researchers find JNDI vulnerability in H2 database consoles similar to Log4Shell

In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a critical issue with a similar root cause. JFrog explained that the Java Naming and ...
Threat Post

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily exploited and ...
Dark Reading

Preemptive Strategies to Stop Log4j and Its Variants

The Apache Log4j vulnerability, now called Log4Shell, took security teams by surprise and the Internet by storm. A seemingly innocuous logging tool has been used by hackers to take control of ...
CSOonline

Detect Log4j Attacks Hiding in Encrypted Traffic

ExtraHop threat researchers have observed attackers in the wild using encrypted traffic to avoid detection of Log4Shell attacks. This is consistent with the general trend of cyberattackers using ...
CSOonline

Second Log4j vulnerability carries denial-of-service threat, new patch available

The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue. A second ...