- A malicious code string that eventually gets logged by Log4j version 2.0 or higher allow an attacker to load arbitrary Java code on a server and take control of it. https://www.wired.com/story/log4j-flaw-hacking-internet/ 137 comments programming
Linking pages
- Professional maintainers: a wake-up call https://blog.filippo.io/professional-maintainers/ 530 comments
- Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring | LunaTrace https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/ 31 comments
- Lessons in Trust From us-east-1 - Last Week in AWS Blog https://www.lastweekinaws.com/blog/lessons-in-trust-from-us-east-1/ 29 comments
- The Log4J Vulnerability Will Haunt the Internet for Years | WIRED https://www.wired.com/story/log4j-log4shell/ 16 comments
- Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking | WIRED https://www.wired.com/story/log4j-log4shell-one-year-later/ 6 comments
- GitHub - chainguard-dev/ssc-reading-list: A reading list for software supply-chain security. https://github.com/chainguard-dev/ssc-reading-list 3 comments
- What is EPSS? A new rating system for vulnerabilities to replace CVSS. | LunaTrace https://www.lunasec.io/docs/blog/what-is-epss/ 1 comment
- Open Source Software Faces Threats of Protestware and Sabotage | WIRED https://www.wired.com/story/open-source-sabotage-protestware/ 0 comments
- The Dumb ‘Smart’ Gear That Someone’s Gonna Hack in 2017 | WIRED https://www.wired.com/2017/01/dumb-smart-gear-thatll-get-hacked-2017/ 0 comments
- Chinese Spies Hacked a Livestock App to Breach US State Networks | WIRED https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/ 0 comments
- Revealed: Emerging Ransomware Group, Leaked AWS Accounts, & Secret Log4j Discussions | Webz.io https://webz.io/blog/dark-web/revealed-emerging-ransomware-group-leaked-aws-accounts-secret-log4j-discussions/ 0 comments
- Professional maintainers: a wake-up call https://words.filippo.io/professional-maintainers/ 0 comments
- A Teen Took Control of Teslas by Hacking a Third-Party App | WIRED https://www.wired.com/story/tesla-hack-ukraine-russia-ransomware-security-news/ 0 comments
- The Next Wave of Log4J Attacks Will Be Brutal | WIRED https://www.wired.com/story/log4j-log4shell-vulnerability-ransomware-second-wave/ 0 comments
- lunasec/2022-03-30-spring-core-rce.mdx at master · lunasec-io/lunasec · GitHub https://github.com/lunasec-io/lunasec/blob/master/docs/blog/2022-03-30-spring-core-rce.mdx 0 comments
Linked pages
- Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaTrace https://www.lunasec.io/docs/blog/log4j-zero-day/ 1949 comments
- What the Hell Happened to FTX? | WIRED https://www.wired.com/story/ftx-collapse-binance-crypto-deal/ 17 comments
- The Reason for Meta’s Massive Layoffs? Ghosts in the Machine | WIRED https://www.wired.com/story/meta-layoffs-overhiring/ 3 comments
- https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition 0 comments
- CVE - CVE-2021-44228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 0 comments
- CVE-2021-44228 - Log4j RCE 0-day mitigation https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ 0 comments
- Matthew Prince 🌥 on Twitter: "We’ve made the determination that #Log4J is so bad we’re going to try and roll out at least some protection for all @Cloudflare customers by default, even free customers who do not have our WAF. Working on how to do that safely now." / Twitter https://twitter.com/eastdakota/status/1469350732692217863 0 comments
Would you like to stay up to date with Java? Checkout Java
Weekly.
Related searches:
Search whole site: site:wired.com
Search title: A Log4J Vulnerability Has Set the Internet 'On Fire' | WIRED
See how to search.