Some of you may know, a severe vulnerability was discovered in Log4j, a Java logging package. This ubiquitous package is included in products such as Apache and Apple products. Worse yet, this component is so widely used — that it is believed to be within multiple components within applications.
This means that security teams worldwide are likely to be dealing with this vulnerability for a while, for years possibly. The following products are known to be affected:
The severity cannot be stated enough, exploitation can be as simple as a copy and paste of a payload. An attacker who exploits this vulnerability can gain remote access to vulnerable endpoints. This gives the attacker a foothold on a network to gain high-level privileges, on a mission-critical server, or could potentially result in a network-wide compromise.
Furthermore, this vulnerability is being actively scanned for and there are reports of active breaches involving strains of malware. Whilst there are not any high-profile reports of ransomware — it is only a matter of time.
Those running products with vulnerable Log4j versions should upgrade to version log4j-2.15.0.rc2 immediately. In addition, it is highly recommended to read the resource labelled “Technical information.” Huntress created a tool to identify Log4j in applications. Additionally, information is being added to their article as it is discovered.
Introducing ISO 42001 – the world’s first international management system standard focused specifically on AI.…
Data breaches and cyberattacks have become daily concerns for information security professionals and business leaders.…
It is an undeniable fact that all applications and infrastructures are essentially in need of…
