Follow developments in the unfolding Log4j story with the CyberWire.
Tracking the Log4j vulnerabilities.
Since the Log4shell vulnerability was discovered, the CyberWire team has been tracking the news, industry reaction, and responses by governments as things unfolded. The story is still in progress, but you can find our extensive coverage to-date in these CyberWire Pro stories:
Log4j and other issues in open-source software. (January 11th, 2022)
CISA discusses progress on Log4shell (as other open-source vulnerabilities are reported). (January 10th, 2022)
Log4j and the offense-defense seesaw. (January 7th, 2022)
Log4 j in industrial systems. Regulatory response. Exploitation for ransomware. (January 6th, 2022)
Log4j Risk mitigation (and the risks are both technical and regulatory). (January 5th, 2022)
Log4j vulnerabilities and the long slog through remediation and risk management. (January 4th, 2022)
Log4j vulnerabilities: new patches and nation-state exploitation. (January 3rd, 2022)
Log4j update: more crime, and a Five Eyes advisory. (December 22nd, 2021)
Log4j update: risk assessed, denial-of-service bug fixed, and advice for boards. (December 20th, 2021)
Log4j: Where's Fancy Bear been? Right there, choppin' lumber… (December 17th, 2021)
Log4shell: exploitation and remediation. (December 16th, 2021)
Log4j vulnerabilities at midweek. (December 15th, 2021)
Log4shell is now undergoing active exploitation (December 14th, 2021)
Be sure to visit our website to get the latest, as we track this critical vulnerability.
(And, if you're not already a Pro member, sign up today.)