Along with the increasing sophistication of cyberattacks today, modern software applications have become increasingly complex and reliant on third-party components. Rarely are software applications ...
To illustrate the complexity and severity of modern application attacks, let's examine an attack against the infamous Log4Shell vulnerability (CVE-2021-44228) that sent shockwaves through the ...
Last year, I started to notice a particular phrase cheerfully uttered in my direction when I entered a store, hotel, restaurant, yoga studio — even the venerable halls of the JFK Delta SkyClub: ...
Standalone-JNDI uses a filesystem directory structure to create the hierarchical structure of JNDI contexts. The name of each context will match the name of the equivalent directory. Each directory ...
Get an overview of JDBC's architecture, then learn how to connect to a database and handle SQL queries and responses with PreparedStatements, transactions, connection pooling, and more. JDBC (Java ...
Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last ...
In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a critical issue with a similar root cause. JFrog explained that the Java Naming and ...
Apache has released another Log4j version, 2.17.1, fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent ...
Most likely bad actors already knew about this prior to December 9th as it’s been reported that the vulnerability was exposed much earlier in Minecraft chat forums. The vulnerability exposes how the ...
Organizations working to reduce exposure to attacks targeting the Log4j remote code execution (RCE) vulnerability disclosed Dec. 9 have a couple of new considerations to keep in mind. Security ...