Trend Micro -
What can DevOps teams do to mitigate Apache Log4j risks? Explore how to secure your apps for today and against future vulnerabilities.
What is Apache Log4j?
You’ve most likely heard of the critical flaw CVE-2021-44228, discovered in the popular Java-based library, Apache Log4j. Nicknamed Log4Shell, it impacts numerous Apache projects, including Druid, Dubbo, Flink, Flume, Hadoop, Kafka, Solr, Spark, and Struts. Unsurprisingly, due to the ubiquity of the program, the entire cybersecurity and tech industry is in overdrive.
Although Log4j is an incredibly useful tool for developers who want to log data for later use, it doesn’t sanitize inputs. This allows malicious actors to include untrusted data in logged messages and call back to a malicious server via JDNI lookup. Et voila, cybercriminals now have the access to mine cryptocurrency (check those bills!), launch DoS/DDoS attacks, or drop dreaded ransomware.
Source: The Cyber Security Hub™
DevOps role in remediation
Are you still hearing