Getty Images
Risk & Repeat: Log4Shell shakes infosec industry
This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code executive vulnerability.
This week's Risk & Repeat podcast discusses the critical Log4Shell vulnerability and how it's shaken the infosec industry over the last week.
The remote code execution bug, tracked as CVE-2021-44228, was revealed last week, and exploitation activity was detected soon after. The flaw is considered extremely dangerous because it exists in Apache's Log4j, a widely used open source logging program that can be found in everything from cloud services to PC games. As attack attempts quickly increased over the weekend, security experts and government agencies urged organizations to patch or mitigate Log4Shell immediately.
However, earlier this week, Apache disclosed a second flaw in Log4j, tracked as CVE-2021-45046, after a security researcher discovered the patch for LogShell was incomplete. Apache also warned that some previous mitigations for Log4Shell had been "discredited" as a result of the new vulnerability. SearchSecurity editors Rob Wright and Alex Culafi discuss the latest on Log4Shell in this episode.