Much software still has log4j2 vulnerabilities, it took hackers days to exploit a VMware vulnerability, and more.

Welcome to Cyber Security Today. It’s Wednesday, April 27th. I’m Howard Solomon, Contributing Cybersecurity Reporter for ITWorldCanada.com.

Four months after the log4j2 open source logging vulnerability called Log4Shell was exposed, many developers have yet to install security updates in their applications. That’s what researchers from Rezilion say. (Registration required to receive report) It is estimated that only 40 percent of the nearly 18,000 open source packages using log4j2 have been patched. Even if your application or server using log4j2 is not connected to the internet, it is vulnerable. For example, Java applications on an internal server can be hit by logs received from a compromised, externally connected server. Rezilion believes that many IT departments are unaware that their applications are using log4j2, especially if it’s in their third-party vendors…


