Metacurity

Serious Code Execution Bug for Log4j Poised to Affect Wide Range of Enterprises

New White House policy requires fast assessments of cyberattacks, EFF files suit on behalf of Saudi activists who were spied upon, UK court says Assange can be extradited to U.S., much more

Cynthia Brumfield
Dec 10, 2021

Exploit code has been released for a serious code execution vulnerability in the widely used logging utility Log4j. The bug, tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, can be exploited by forcing Java-based apps and servers that use the Log4j library to log a specific string into their internal systems.

The vulnerability first came to light on sites catering to users of the popular game Minecraft. However, experts are issuing dire warnings that a wide swath of software is likely to be affected. The Apache Software Foundation has released an emergency security update to patch the zero-day vulnerability. According to reports from security firms Bad Packets and Greynoise, multiple threat actors are already scanning for apps that may be vulnerable to the Log4Shell attack, meaning that server owners will most likely have a tiny patch window. (Catalin Cimpanu / The Record)

Related: Reddit - cybersecurity, Ars Technica, The Record, Github, LoggingApache.org, Lunasec, Github, …

© 2023 DCT Associates