What you need to know about Log4Shell

Read Time:1 Minute, 4 Second

Photo by ThisIsEngineering from Pexels

Considered one of the largest exploitable vulnerabilities in history, Log4Shell affects many as Log4J is one of the most extensively used logging libraries. An issue that has existed for almost a decade but just recently was discovered, Log4Shell leaves companies vulnerable to the full extent of these attacks. AT&T Alien Labs blogged about the vulnerability back in December 2021, with more technical detail. The AT&T Managed Vulnerability Program (MVP) team helps customers strengthen their cybersecurity posture and resiliency, leaving them better equipped for events like Log4Shell.

Surprising to many, third-party libraries are not solely IT problems but can also impact operational technology (OT) and is needed for many OT functions. Because of that the manufacturing and critical infrastructure community has needed to focus more on addressing threats as they emerge. The Log4J vulnerability and others like it are not going away on their own, so the MVP team is constantly testing, monitoring, and deploying to ensure correct steps are being taken to mitigate future attacks. AT&T MVP’s partner, Tenable, dives deeper in their blog,”5 Steps that the OT Community Should Take Right Now,” focusing on how OT groups avoid ramification, encouraging proactiveness like the solutions provided by AT&T MVP.

Friday Squid Blogging: Live Colossal Squid Filmed

Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure

Age Verification Using Facial Scans

NTLM Hash Exploit Targets Poland and Romania Days After Patch

Senators Urge Cyber-Threat Sharing Law Extension Before Deadline

Identity Attacks Now Comprise a Third of Intrusions

Microsoft Thwarts $4bn in Fraud Attempts

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

Network Edge Devices the Biggest Entry Point for Attacks on SMBs