Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation


Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an RCE flaw that is easily exploitable without authentication in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterprise applications out there. The existence of the vulnerability and the public release of PoCs exploiting it have made this weekend a nightmare for those who are tasked with mitigating its fallout and keeping company systems and networks secure.

The post Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation appeared first on Help Net Security.

Source: helpnetsecurity.com