Log4Shell

Featured Article

Protestware on the rise: Why developers are sabotaging their own code

If combating attacks and hijackings of legitimate software on open source registries like npm weren’t challenging enough, app makers are increasingly experiencing the consequences of software self-sabotage. A developer can, on a whim, change their mind and do whatever they want with their open source code that, most of the time anyway, comes “as is”…

10:00 am PDT • July 27, 2022

GreyNoise Intelligence, a Washington, D.C.-based cybersecurity startup that analyses internet scanning traffic to help organizations separate threats from internet “background noise,” has landed $15 million in Series A funding to…

GreyNoise to expand its threat intel collection after securing $15M in funding

Tech giants including Amazon, Google and Microsoft have pledged millions of dollars to bolster the security of open source software. The pledge was made during a meeting in Washington, DC…

Tech giants pledge $30M to boost open source software security

Considering recent APT41 attacks, organizations that continue to leave the Log4Shell flaw unaddressed are hitting the snooze button when it comes to the wake-up calls from attackers.

Study: 30% of Log4Shell instances remain unpatched

The prolific China APT41 hacking group, known for carrying out espionage in parallel with financially motivated operations, has compromised multiple U.S. state government networks, according to cybersecurity giant Mandiant. The…

China-backed APT41 compromised ‘at least’ six US state governments

The proliferation of new asset types, along with the widespread shift to remote work, has resulted in assets becoming more highly distributed, making them even more difficult to manage and…

Why are cybersecurity asset management startups so hot right now?

Vicarius, a New York-based startup that has developed an autonomous vulnerability remediation platform, has raised $24 million in Series A funding to protect organizations from the next major supply-chain attack.…

Vicarius raises $24M to build out its vulnerability remediation platform

U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely used Log4j Java logging library, could face legal repercussions, the Federal Trade Commission (FTC)…

FTC warns of legal action against organizations that fail to patch Log4j flaw

Security teams around the globe are scrambling to fix Log4Shell, a critical security flaw in Log4j, an open source logging software that’s found practically everywhere from online games to enterprise…

The race is on to patch Log4Shell, the bug that’s breaking the internet