Category Archives: Vulnerabilities

After Log4Shell, how can we tackle a possible pandemic of open source exploits?

by Anthony Musk

If a week is a long time in politics, a month can sometimes feel like a lifetime in cybersecurity. Few of us working in cyber at the start of December could have predicted how the run-up to Christmas would pan out. In the end, Log4Shell and the subsequent vulnerabilities found in Log4j made it several weeks of sleepless nights and anxious Zoom calls. The truth is that the logging utility is so ubiquitous that related threats will be with us for months or even years to come.

But that’s not the end of the story. Unfortunately for security professionals, their employers and customers, there’s a much wider concern. Trend Micro has been one of several authoritative voices warning of the impact of open source bugs on the security of the digital world. Unless we take action soon, Log4Shell could be the start of an extremely unwelcome trend: a cyber-pandemic fuelled by open source exploits.


Just how bad is the Log4j/Log4Shell vulnerability?

by Simon Walsh

Over the weekend, security teams across the globe have been racing against the clock to mitigate a newly discovered vulnerability. The bug is found in the popular Apache logging system Log4j, and has been dubbed “Log4Shell”. It’s already being exploited in the wild.

Here we explain how attacks work and what your organisation should do.
