如果你多少关注信息安全资讯，或许在最近几天已经频繁听到 Log4Shell 这个漏洞的名字——或者一些更具传播性的说法，诸如「互联网正在着火」「过去十年最严重的漏洞」「现代计算机历史上最大漏洞」「难以想到哪家公司不受影响」之类（参见《洛杉矶时报 ...

The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Jen Easterly, the director of the Cybersecurity and Infrastructure ...

The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining ...

黑客攻击变得一年比一年高级和复杂，因此现在追踪了解安全漏洞比以往任何时候都来得重要。2022年恶意威胁分子利用的一些最危险的漏洞。 1. Follina（CVE- 2022 – 30190） CVE-2022-30190（非正式名称为“Follina”）在2022年5月被披露，它是微软Windows支持诊断工具（MSDT ...

The flaw in the application-logging component Log4j known as "Log4Shell" should have been patched by organisations months ago, but some systems that haven't been patched with available updates are ...

Log4Shell is a vulnerability found in the feature 'JNDI Lookup' that has been included since version 2.0 beta 9 of Log4j, which dynamically reads a class file from any LDAP server with a specific ...

A version of Apache Log4j, a Java log output library, that fixes the zero-day vulnerability 'CVE-2021-44228 ', commonly known as ' Log4Shell ', for remote code execution will be released on December ...

一时间，这个高危漏洞引发全球网络安全震荡！ CVE-2021-44228，又名Log4Shell 。 新西兰计算机紧急响应中心（CERT）、美国国家 ...

In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a critical issue with a similar root cause. JFrog explained that the Java Naming and ...

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily exploited and ...