The Next Wave of Log4J Attacks Will Be Brutal

Hype is endemic in the world of cybersecurity, as is the spread of fear, uncertainty, and doubt. Lots of software has flaws; they can’t all be so bad. By all accounts, though, the Log4j vulnerability—also known as Log4Shell—lives up to the hype for a host of reasons. First is the ubiquity of Log4j itself. As a logging framework, it helps developers keep track of whatever goes on inside their apps. Because it’s open source and reliable, plugging in Log4j instead of building your own logging library from scratch has become standard practice. Moreover, so much of modern software is cobbled together from various vendors and products that it may be difficult, if not impossible, for many potential victims to even know the full extent of their exposure. If your code’s innermost Matryoshka doll runs Log4j, good luck finding it.

www.wired.com/story/log4j-log4shell-vulnerability-ransomware-second-wave/
