Critical Apache Log4j Vulnerability Being Exploited In The Wild
Posted on: 19 Nov, 2020
Defenders across the security community are pushing to address CVE-2021-44228, an actively exploited vulnerability in Apache Log4j. The vulnerability affects a widely used Java logging library that many large organizations may have in their environment. So far, major targets have included Apple and the popular video game “Minecraft.” This library may also be used as a dependency by a variety of web applications found in enterprise environments, including Elastic. Due to the nature of this vulnerability, Cisco Talos believes this will be a widely exploited vulnerability among attackers moving forward, and users should patch affected products and implement mitigation solutions as soon as possible.
Apache has released a new update for Log4j, version 2.16.0. While the previous release (2.15.0) removed the ability to resolve lookups and addressed issues to mitigate CVE-2021-44228, this release disables JNDI by default and removes support for message lookups. Please refer to the Mitigations section for more details.
Share This
Recent Posts
-
CITSAP teams up with Thoropass and DuploCloud to offer SOC 2 + HITRUST AWS Marketplace solution
-
House Of Representatives Republicans Slam OPM Over 2015 Data Breach
-
Apple’s IOS App Store Suffers First Major Malware Attack
-
Wells Fargo Bank Fined $185M And Fires 5,300 Employees Over Fake Account Scam
-
Commodity Futures Trading Commission Imposes Cybersecurity Rules For U.S. Commodities, Derivatives Firms
Comments (0)
Post Your Comment