Log4j: Getting ready for the long haul (CVE-2021-44228), (Tue, Dec 14th)

Friday (Dec. 10th), we moved our Infocon to “Yellow” for the first time in about two years. We saw an immediate need to get the word out as the log4shell vulnerability ( %%cve:2021-44228%%) was actively exploited and affected various widely used products. Patches and workarounds were not readily available at the time. Our Infocon indicates “change,” not “steady-state.” By now, everybody in infosec knows about log4shell. This morning I noticed that even cnn.com had log4j/log4shell mentioned at the top of the page. Once CNN covers an infosec topic like this: It should be old news for anybody “in the field.”

Article Link: https://isc.sans.edu/diary/rss/28130