Chronic Log4Shell Problems Will Likely Last for Years
NSO Group in talks to sell the company, Virginia legislature disrupted by a ransomware attack, Big-ticket thefts hit two cryptocurrency organizations, Payroll provider hit with ransomware attack, more
As organizations worldwide scramble to fix the Log4Shell vulnerability in the ubiquitously deployed open-source Apache logging framework Log4j, it’s becoming clear that the issue will be a chronic problem that likely will afflict the internet for years.
Threat actors can exploit the unauthenticated remote code execution vulnerability merely by sending a string of code that gets logged by Log4j version 2.0 or higher. That ease of exploitation, coupled with a vast attack surface encompassing hundreds of millions of devices, makes Log4Shell one of the worst vulnerabilities to afflict the modern internet. Cybersecurity and Infrastructure Security Agency Director Jen Easterly says it “is one of the most serious I’ve seen in my entire career, if not the most serious.” (Lily Hay Newman / Wired, Tim Starks / Cyberscoop)
Related: Reddit - cybersecurity, Popular Science, Dark Reading, ITP.net, Safebreach Labs, Asia One Digital, JD Supra, Acunetix, Chemical Facility Securi…