Millions of systems and applications around the world use Log4j, a Java logging library from Apache, and a vulnerability in it is being used to compromise these computers and servers. It requires very little technical expertise to exploit and has the potential to provide full system access from anywhere in the world. Combined with the library's widespread use, that makes this one of the most severe vulnerabilities seen in years.
Although the issue is patched, organizations’ administrators will need to check with their software vendors and perform any mitigations required. Individuals are also impacted, and the best you can do is keep your systems and software patched and up to date.
https://www.wired.com/story/log4j-flaw-hacking-internet
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability
https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228