Landing on the incident response boards for software engineering teams worldwide in December 2021, the Log4j vulnerabilities in Java software remain a real concern for developers more than 9 months later.
Apache Log4j is a popular logging library in the Java software development community. Late last year, researchers discovered that it had vulnerabilities which made it susceptible to an attack that forced software to execute malicious code. Later versions of the Log4j tools fixed these problems, but many people are still using the vulnerable software.
Microsoft Security recently reported that users of out-of-date versions of the SysAid IT management products suffered a cyberattack because of the Log4j vulnerabilities. According to the report, malicious actors associated with the Iranian Ministry of Intelligence and Security were able to exploit the Log4j vulnerabilities to attack organizations located in Israel. The Iranian actors were then able to gain administrator access on the Israeli machines and run commands locally. Israel and Iran have an ongoing, state-level conflict, and the Log4j vulnerabilities were the avenue used in this particular cyberattack.
The post Log4j vulnerabilities still an issue, but CodeSec audit can help | Contrast Security appeared first on Security Boulevard.
Leer másSecurity Boulevard
