Experts: Log4j Bug Could Be Exploited for “Years”

Security experts have warned that the Log4j vulnerability could still enable threat actors to launch attacks years from now, if security teams don’t up their game.
Forrester analyst Allie Mellen claimed the sheer scale and potential persistence of the threat was extremely worrying.

“This vulnerability is so dangerous because of its massive scale. Java is used on over three billion devices, and a large number of those use Log4j, which is where the vulnerability lies,” she added.
“It will be used for months if not years to attack enterprises, which is why security teams must strike while the iron is hot.”
A patch for the Apache logging library has been released, but even though the vulnerability carries a CVSS score of 10, many organizations might struggle to find the instances running in their environments.

That’s partly because enterprise Java environments contain multiple layers of dependencies in the form of Java archive (JAR) files, and any one of these may bundle Log4j for its own logging.
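The nested-dependency problem is why a flat search for a file named log4j fails: the library is often packed inside another JAR, inside a WAR or EAR. As an added example (not from the article or any vendor), this Python scanner recursively opens every archive layer and reports each one that contains log4j-core's JndiLookup class, the class Apache's own mitigation guidance removes. The archive names and contents in the demo are constructed for illustration.

```python
import io
import os
import zipfile

# Presence of this class marks a log4j-core JAR (constructed demo below embeds a stub copy)
LOG4J_MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")

def scan_archive(data: bytes, path: str = "<root>") -> list[str]:
    """Return 'outer!inner!...' paths of every archive layer containing the marker class."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if LOG4J_MARKER in names:
                hits.append(path)
            for name in names:  # descend into embedded archives (shaded or bundled libs)
                if name.lower().endswith(ARCHIVE_SUFFIXES):
                    hits.extend(scan_archive(zf.read(name), f"{path}!{name}"))
    except zipfile.BadZipFile:
        pass  # not a zip container (or corrupt); skip rather than abort the whole scan
    return hits

def scan_directory(root: str) -> list[str]:
    """Walk a deployment directory and scan every archive found in it."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_SUFFIXES):
                full = os.path.join(dirpath, f)
                with open(full, "rb") as fh:
                    hits.extend(scan_archive(fh.read(), full))
    return hits

def build_jar(entries: dict[str, bytes]) -> bytes:
    """Helper to construct an in-memory archive for the demo (a JAR is just a zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo() -> list[str]:
    # Constructed sample: app.war -> vendor-lib.jar -> log4j-core.jar; only the innermost
    # layer carries the marker class, so a top-level file-name search would miss it.
    log4j_core = build_jar({LOG4J_MARKER: b"\xca\xfe\xba\xbe", "META-INF/MANIFEST.MF": b""})
    vendor_lib = build_jar({"com/example/Lib.class": b"\xca\xfe\xba\xbe", "lib/log4j-core.jar": log4j_core})
    clean_lib = build_jar({"com/example/Other.class": b"\xca\xfe\xba\xbe"})
    app_war = build_jar({"WEB-INF/lib/vendor-lib.jar": vendor_lib, "WEB-INF/lib/clean.jar": clean_lib})
    return scan_archive(app_war, "app.war")
```

Run `scan_directory("/path/to/deployments")` against a real server to list every nested layer that needs patching or the class removed; the demo prints nothing on its own and returns the hit list.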
BH Consulting founder and Infosecurity Europe Hall of Fame inductee Brian Honan agreed that the vulnerability “is likely to be with us for a long time.” He warned organizations to be prepared for a “long drawn-out process” of identifying vulnerable products, waiting for and applying patches, and putting mitigations in place.

“The issue is that many vendors may not know to what extent they are using Log4j, what version ..