Extremely bad vulnerability found in widely used logging system

Security teams at companies large and small are scrambling to patch a previously unknown vulnerability called Log4Shell, which has the potential to let hackers compromise millions of devices across the internet.

If exploited, the vulnerability allows remote code execution on vulnerable servers, giving an attacker the ability to import malware that would completely compromise machines.

The vulnerability is found in log4j, an open-source logging library used by apps and services across the internet. Logging is a process where applications keep a running list of activities they have performed which can later be reviewed in case of error. Nearly every network security system runs some kind of logging process, which gives popular libraries...

Continue reading…