In the week since the emergence of the Log4J security vulnerability, software vendors and end-user organisations have been scrambling to patch their systems, as attackers tested out exploits and launched hundreds and thousands of attacks. Here is what we’ve learned about how the Log4J vulnerability is being exploited, how the technology industry has responded, and how organisations must respond in the short and medium term.
How is the Log4J vulnerability being exploited?
Last Thursday, details emerged of a new vulnerability in Log4J, an open-source logging tool for the Java programming language. The news triggered alarm in the cybersecurity sector due to the ubiquity of Log4J and the ease with which the vulnerability can be exploited.
Even unsophisticated hackers can download tools to scan the internet for unpatched servers and use commands copied from online code repositories to exploit them, says David Warshavski, VP for enterprise security at Sygnia. “The latest tool that can scan the entire IP range of the internet and…
