Apache Log4j Vulnerability: What You Need to Know and Mitigation Guidance

Presented by

Bob Rudis, Senior Director, Chief Security Data Scientist; Devin Krugly, Practice Advisor, Vulnerability Risk Management

About this talk

On December 10, 2021, a critical remote code execution (RCE) vulnerability in Apache’s widely used Log4j Java library (CVE-2021-44228) sent shockwaves across the online world. Also known as Log4Shell, this zero-day vulnerability has impacted huge portions of the internet and web applications because of Log4j’s widespread use. Successful exploitation of Log4Shell can allow a remote, unauthenticated attacker to take full control of a target system. To help organizations address this vulnerability and offer mitigation guidance, the Rapid7 team is coming together to discuss: - Details on how this vulnerability works and what kind of system it impacts - The ways this vulnerability can be and is being exploited in the wild and why it’s such a critical situation - What organizations can expect in the coming days and weeks, and possible long-term impacts - Mitigation and detection guidance, including actionable next steps organizations can take - Recommended resources to learn more and stay on top of updates

Related topics:

More from this channel

Upcoming talks (9)
On-demand talks (330)
Subscribers (30293)
Rapid7 is advancing security with visibility, analytics, and automation delivered through our Insight platform. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organizations. For more information, visit our website rapid7.com.