BrandPost: 5 Lessons Learned from Log4j

In December, a critical Log4j vulnerability known as Log4Shell impacted the world of security in ways that few vulnerabilities previously have. It’s clear by now that the potential for damage from this vulnerability is quite high, and will last for a very long time.

It’s hard not to compare Log4Shell with the emergence of EternalBlue over five years ago. Both are critical code injection vulnerabilities requiring patching, with severe consequences for those who ignore it. But unlike EternalBlue, which is only found in Windows, Log4Shell is present in a myriad of applications and is notoriously difficult to track. Those infected by EternalBlue were seen as victims, while those infected by Log4Shell are considered much more culpable by regulators. And while EternalBlue was almost immediately abused for the widespread infection of WannaCry, Log4Shell has yet to manifest a high-profile attack.
