Over the past weekend a new Critical Vulnerability was announced involving the Log4j library.
Log4j is a logging library made by the Apache Software Foundation and is used extensively in services. The Log4j security risk allows threat actors to execute remote commands on a target system. This vulnerability puts countless services at risk of an attack by threat actors.
What is the issue with Log4j?
The Log4j software flaw, reported by cybersecurity researchers as CVE-2021-44228, has the potential to allow attackers to have uncontrolled access to computer systems. Even the US government’s cybersecurity agency has issued a warning.
Here’s everything we know so far:
A long list of vendors and applications are affected, all of which could lead to potential exploitation. Current threat feeds are seeing a massive number of attempts by threat actors to exploit this vulnerability, and new exploit code is being written by several sources.
If you are a current IntegraONE client, or need further assistance regarding your external facing attack surface to this vulnerability, visit our Contact Us page.
Craig Treubig
Directory Digital Forensics and Incident Response IR1