Best of Cybersecurity — December 2021
- 1
- 2
The Hacker News·4y
Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released
The Apache Software Foundation has pushed out a new fix for the Log4j logging utility. The previous patch for the recently disclosed Log4Shell exploit was deemed "incomplete in certain non-default configurations." The latest update arrives as fallout from the flaw has resulted in a "true cyber pandemic."
- 3
The Hacker News·4y
Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack
Telemetry signs point to exploitation of the flaw nine days before it even came to light. Threat actors are weaponizing unpatched servers affected by the newly disclosed "Log4Shell" vulnerability. Threats such as Mirai and Muhstik are setting their sights on vulnerable systems to spread the infection.
- 4
Laravel·4y
Log4j Vulnerability Update
Log4j is a Java library by Apache used to log debug messages within applications. The vast majority of servers provisioned by Forge will not be vulnerable. If you have manually installed applications such as ElasticSearch, your server may be affected. To check if your server is affected, you can use a script such as log4j_checker_beta.
- 5
Cisco·4y
Log4j Developer Response
A zero-day vulnerability (CVE-2021-44228) has been newly discovered in the Apache Log4j library. If exploited, the vulnerability allows attackers to gain full control of affected servers and your application. There are a few key things you can do as a developer to contain the threat.