What the Log4Shell Bug Means for SMBs: Experts Weigh In

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what’s vulnerable, what an attack looks like and to how to remediate.

News of the Log4Shell vulnerability is everywhere, with security experts variously calling the Apache log4j logging library bug a recipe for an “internet meltdown,” as well as the “worst cybersecurity bug of the year.” Names like “Apple,” “Twitter” and “Cloudflare” are being bandied about as being vulnerable, but what does the issue mean for small- and medium-sized businesses?

We asked security experts to weigh in on the specific impacts (and advice/remedies) for SMBs in a set of roundtable questions, aimed at demystifying the firehose of information around the headline-grabbing issue.

It may seem overwhelming for smaller companies. But our experts, from Anchore, Cybereason, Datto, ESET, HackerOne, Invicti’s Acunetix, Lacework and Mitiga, have weighed in here with exclusive, practical advice and explanations specifically for SMBs dealing with Log4Shell.

Questions answered (click to jump to the appropriate section):

Background on Log4Shell

Log4Shell (CVE-2021-44228) affects applications that rely on the log4j library to log data – and because that library is almost ubiquitous in Java applications, virtually any

Read More: https://threatpost.com/log4shell-bug-smbs-experts/177021/