TechRadar

Why every CISO should demand a comprehensive Software Bill of Materials (SBOM)

Along with the increasing sophistication of cyberattacks today, modern software applications have become increasingly complex and reliant on third-party components. Rarely are software applications ...
GitHub

Custom jacc provider fails to find BeanManager via JNDI (java:comp/BeanManager)

This provider works on Payara 5.2022 and 6.2023, but now I try to use the same provider on GlassFish 7. The jacc provider is registered during startup. No errors. [2023-11-07T10:53:27.356527+01:00] ...
ZDNet

JFrog researchers find JNDI vulnerability in H2 database consoles similar to Log4Shell

In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a critical issue with a similar root cause. JFrog explained that the Java Naming and ...
Bleeping Computer

Log4j 2.17.1 out now, fixes new remote code execution bug

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent ...
Dark Reading

New Log4j Attack Vector Discovered

Organizations working to reduce exposure to attacks targeting the Log4j remote code execution (RCE) vulnerability disclosed Dec. 9 have a couple of new considerations to keep in mind. Security ...
CSOonline

4 ways to properly mitigate the Log4j vulnerabilities (and 4 to skip)

A sure-fire way to prevent exploitation of Log4j vulnerabilities has yet to appear, but these actions are your best bet for reducing risk. The IT security community has been hard at work for the past ...