A new critical vulnerability (CVE-2021-44228) in Apache Log4j was disclosed on December 10, 2021. It was immediately clear that the widespread use of this software combined with the relative ease to exploit would make this a primary target by threat actors. The security system LunaSec is dubbing this vulnerability "Log4Shell" as a quick reference to this CVE. In the days since the critical vulnerability was revealed, evidence of exploitation by threat actors has begun to emerge. Flashpoint's intel team, and Jake Kouns, CEO of Risk Based Security discuss what is known about this vulnerability, who is seeking to exploit it, and how your organization can protect against becoming a victim.
• Jake Kouns, CEO, Risk Based Security
• Kecia Hoyt, Director - Intelligence, Flashpoint
• Cheng Lu, Senior Analyst II, Flashpoint
• Steven Ouellette, Senior Analyst I, Flashpoint
*This call was recorded on Dec. 14, 2021 at 11 a.m. ET