窓の杜

Java版「Minecraft」にセキュリティ更新、極めて危険な「Log4j」脆弱性 ...

米Microsoft傘下のMojangは12月10日(現地時間)、「Minecraft: Java Edition」の最新版v1.18.1を公開した。ロギングライブラリ「Apache Log4j」で発見された任意コード実行の脆弱性(CVE-2021-44228)に対処したセキュリティアップデートとなっており、早急なアップデートが ...
SFGate

What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad ...

Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. The software is used to record all manner of activities ...
ITWire

Logjam: Log4j exploit attempts continue in globally distributed scans, attacks

**COMPANY NEWS:** Since the first vulnerability in the Apache Foundation’s Log4j logging tool was revealed on 10 December, three sets of fixes to the Java library have been released as additional ...
Dark Reading

Preemptive Strategies to Stop Log4j and Its Variants

The Apache Log4j vulnerability, now called Log4Shell, took security teams by surprise and the Internet by storm. A seemingly innocuous logging tool has been used by hackers to take control of ...
ITmedia

「やばすぎる」 Javaライブラリ「Log4j」にゼロデイ脆弱性、任意の ...

Javaで使われるログ出力ライブラリ「Apache Log4j」に悪意のある文字列を記録させることで、任意のリモートコードを実行できるようになる(Remote Code Execution, RCE)、ゼロデイ脆弱性があることが12月10日に分かった。広範囲に影響が及ぶ可能性があることから ...
Dark Reading

Log4j Reveals Cybersecurity's Dirty Little Secret

When tech media starts reporting that the "internet is on fire," you know you have a significant situation on your hands. Over time, the severity, scope, and impact of the Log4j vulnerability, also ...