Topic: log4j

ITOps Times news digest: Second Log4j vulnerability detected; IBM and Samsung make new semiconductor breakthrough; Linux Foundation announces new IT course

A second vulnerability has been detected in Log4j that renders previous mitigations for versions 2.7.0 to 2.14.1 potentially useless, according to LunaSec. The security company explained that your systems may be vulnerable if you only enabled the “formatMsgNoLookups” flag or set “%m{nolookups} when setting attacker controlled data in ThreadContext.  It recommends updating to at least … continue reading

Log4j vulnerability is “absolutely brutal”

A major vulnerability was discovered Thursday in the technology Log4j, which is a popular logging package in Java.  According to Ashan Dabirsiaghi, co-founder and chief scientist at Contrast Security, Log4j is the most popular logging framework for Java. Essentially any Java application that logs data uses it, and it is used by millions of applications.  … continue reading

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!