‘’Twas the night before Christmas,
When all through the house,
Not a creature was stirring,
Not even a mouse…’
As Christmas 2021 approaches, spare a thought for your system administrators, your IT team, and your cybersecurity staff.
Right up to Christmas Eve, there may be plenty of rats stirring throughout the IT room…
…because that is the deadline set by the US Cybersecurity and Infrastructure Security Agency (CISA) for patching the infamous Log4Shell vulnerability, a dangerous exploitable vulnerability in Log4j, a widely used Apache Java logging toolkit.
Since the first news of the issue on December 9, 2021, Apache has patched the code not once but three times. CVE-2021-44228 was fixed in version 2.15.0, quickly followed by 2.16.0 to fix a related bug, CVE-2021-45046, which was in turn quickly superseded by 2.17.0 to handle CVE-2021-45105.
Why the pressure from CISA? Why the rush when we should be enjoying a global holiday? Why not wait until the Chinese New Year to deal with it?
This is why your system administrators are taking one (actually three) for the team…
Learn how to fix it
Learn about the problem yourself
Learn how cybercriminals use it to attack
Use SOPHOS Lab to mine vulnerable code

