Apache Log4j Vulnerability: What You Need to Know and Mitigation Guidance

Presented by

Bob Rudis, Senior Director, Chief Security Data Scientist; Devin Krugly, Practice Advisor, Vulnerability Risk Management

About this talk

On December 10, 2021, a critical remote code execution (RCE) vulnerability in Apache’s widely used Log4j Java library (CVE-2021-44228) sent shockwaves across the online world. Also known as Log4Shell, this zero-day vulnerability has impacted huge portions of the internet and web applications because of Log4j’s widespread use. Successful exploitation of Log4Shell can allow a remote, unauthenticated attacker to take full control of a target system. To help organizations address this vulnerability and offer mitigation guidance, the Rapid7 team is coming together to discuss: - Details on how this vulnerability works and what kind of system it impacts - The ways this vulnerability can be and is being exploited in the wild and why it’s such a critical situation - What organizations can expect in the coming days and weeks, and possible long-term impacts - Mitigation and detection guidance, including actionable next steps organizations can take - Recommended resources to learn more and stay on top of updates

Related topics:

More from this channel

Upcoming talks (10)
On-demand talks (416)
Subscribers (35792)
Rapid7 is creating a more secure digital future for all by helping organizations strengthen their security programs in the face of accelerating digital transformation. Our portfolio of best-in-class solutions empowers security professionals to manage risk and eliminate threats across the entire threat landscape from apps to the cloud to traditional infrastructure to the dark web. We foster open source communities and cutting-edge research–using these insights to optimize our products and arm the global security community with the latest in attackers methods. Trusted by more than 10,000 customers worldwide, our industry-leading solutions and services help businesses stay ahead of attackers, ahead of the competition, and future-ready for what’s next.