Risk Management February 24, 2023

With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job

4 min read - Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid Response — by Both Security…

Risk Management January 23, 2023

Log4j Forever Changed What (Some) Cyber Pros Think About OSS

4 min read - In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath…

Incident Response December 18, 2021

Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them

4 min read - You’d have to look far and wide to find an IT professional who isn’t aware of (and probably responding to) the Log4Shell vulnerability. The Operational Technology (OT) sector is no exception, yet the exact exposure the vulnerability poses to OT…

Software Vulnerabilities December 12, 2021

How Log4j Vulnerability Could Impact You

4 min read - Get the latest on the vulnerability dubbed "Log4Shell," a remote code execution vulnerability.

November 26, 2019

Exploit Code Escalates Apache Solr Vulnerability To ‘High Risk’ Status

2 min read - New exploit code has led researchers to reclassify a security threat aimed at the Linux enterprise search tool Apache Solr to "high severity status."

Application Security January 4, 2019

New Year, New Risks: 3 Application Security Resolutions You Should Adopt in 2019

5 min read - To ring in the new year, application security teams should resolve to implement more security into the development process, prioritize consumer trust and pay more attention to false negatives.

September 14, 2018

Mirai and Gafgyt IoT Malware Now Targeting SonicWall’s GMS and Apache Struts Exploits

< 1 min read - Malware authors have released modified versions of the Mirai and Gafgyt IoT malware that are capable of targeting vulnerabilities affecting SonicWall's GMS and Apache Struts.

Software Vulnerabilities October 17, 2017

Don’t Just Put Out the Zero-Day Fire — Get Rid of the Fuel

5 min read - The best way to remediate zero-day threats is to focus on proactively assessing and patching the vulnerabilities that facilitate them.

Endpoint September 25, 2017

Worried About Apache Struts? Stay One Step Ahead of Endpoint Attacks

2 min read - Security teams needs advanced visibility into all endpoints across the organization to prevent endpoint attacks such as the recent Apache Struts exploit.

September 11, 2017

Speedy Security Breach: Threat Actors Develop Apache Exploit Within Hours of Disclosure

2 min read - Even with a patch available for the new Struts vulnerability, threat actors developed new exploits within hours and coordinated security breach attacks.