log4j Archives

The U.S. Capitol is seen in Washington, DC, on November 14, 2023. (Photo by Stefani Reynolds / AFP)

Cyber Safety Review Board needs stronger authorities, more independence, experts say

The CSRB needs to become more transparent regarding its membership and the cases it takes on, experts told Congress.

Jan 17, 2024 By Derek B. Johnson

Flag of the Democratic People’s Republic of Korea (Manuel Augusto Moreno)

North Korean hacking ops continue to exploit Log4Shell

Two years after it was disclosed, the Log4j vulnerability continues to enable North Korean hacking operations.

Dec 11, 2023 By AJ Vicens

Homeland Security Secretary Alejandro Mayorkas delivers remarks outlining his vision and roadmap for the Department’s cybersecurity efforts. (U.S. Department of Homeland Security)

DHS Cyber Safety Review Board to focus on Lapsus$ hackers

DHS officials said Lapsus$ is the perfect target for the next CSRB report and described the hacking group's hacks as "ongoing."

Dec 2, 2022 By Suzanne Smalley

Students walked in front of a TV screen displaying footage of Chinese President Xi Jinping on June 23 in Hong Kong. Federal officials say Chinese state-sponsored hackers have recently grown more brazen. (Photo by Anthony Kwan/Getty Images)

Chinese state-sponsored hackers have become more brazen, prompting an NSA advisory

Chinese hackers have become increasingly brazen and are doubling down on their efforts to steal intellectual property and compromise sensitive networks, according to National Security Agency cyber…

Oct 6, 2022 By Suzanne Smalley

Chinese President Xi Jinping is seen on a big screen showing the Chinese state television CCTV evening news as the city gets ready for the upcoming centenary of the Communist Party of China on June 30, 2021 in Beijing, China. (Photo by Andrea Verdelli/Getty Images)

China could be reviewing security bugs before tech companies issue patches, DHS official says

This could give Beijing the upper hand when carrying out cyberattacks against the U.S. or its other digital adversaries.

Aug 10, 2022 By Suzanne Smalley

The U.S. Department of Homeland Security seal. (Photo by Mark Makela/Getty Images)

DHS Cyber Safety Review Board found no evidence China knew of Log4j before disclosure

The report suggests that even though risk still remains for unpatched organizations, a government-wide response helped drive mediation.

Jul 14, 2022 By Tonya Riley

Hackers find 122 vulnerabilities — 27 deemed critical — during first round of DHS bug bounty program

The findings, first reported by CyberScoop, come in the first of three phases for the DHS bug bounty program.

Apr 22, 2022

Equinix data center — A server room run by the internet connection and data center company Equinix in Amsterdam on July 14, 2021. (Photo by SEM VAN DER WAL / ANP / AFP via Getty Images)

Google Cloud offers good news and bad news on Log4Shell, other issues

Potential intruders are still scanning for the bug every day, but the company says many vendors have been on top of fixing vulnerable instances of Log4j software.

Feb 15, 2022

Sen. Gary Peters, D-Mich., right, speaks with Sen. Rob Portman, R-Ohio, during a Senate Homeland Security and Governmental Affairs Committee hearing on June 8, 2021 in Washington, D.C. (Photo by Andrew Caballero-Reynolds-Pool / Getty Images)

CISA’s new JCDC worked as intended, witnesses say at Senate hearing on Log4Shell bug

Private-sector experts say that public-private threat sharing is key.

Feb 8, 2022 By Tonya Riley

White House hosts open-source software security summit in light of expansive Log4j flaw

The meeting will combine tech leaders with feds.

Jan 13, 2022 By Tim Starks