Serious Code Execution Bug for Log4j Poised to Affect Wide Range of Enterprises
New White House policy requires fast assessments of cyberattacks, EFF files suit on behalf of Saudi activists who were spied upon, UK court says Assange can be extradited to U.S., much more
Exploit code has been released for a serious code execution vulnerability in the widely used logging utility Log4j. The bug, tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, can be exploited by forcing Java-based apps and servers that use the Log4j library to log a specific string into their internal systems.
The vulnerability first came to light on sites catering to users of the popular game Minecraft. However, experts are issuing dire warnings that a wide swath of software is likely to be affected. The Apache Software Foundation has released an emergency security update to patch the zero-day vulnerability. According to reports from security firms Bad Packets and Greynoise, multiple threat actors are already scanning for apps that may be vulnerable to the Log4Shell attack, meaning that server owners will most likely have only a tiny window in which to patch. (Catalin Cimpanu / The Record)
Related: Reddit - cybersecurity, Ars Technica, The Record, Github, LoggingApache.org, Lunasec, Github, …