In early January, the US FTC indicated it would significantly fine organizations that do not take steps to remediate the Log4j vulnerability. The problem is that Log4j is broadly included in several products, applications, and systems, but the way it is embedded into software makes it difficult to detect whether it is present, whether it can be exploited, or whether it is actively being exploited. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. The vulnerability takes advantage of the fact that Log4j allows requests to arbitrary LDAP and JNDI servers, which lets attackers execute arbitrary code on a compromised machine.
Our research team has broken down how Log4j works and, more importantly, what you can do today to detect the vulnerabilities embedded in various systems and determine whether they are actually being exploited, so that you can begin remediation efforts immediately.
In the webinar we will cover:
- A brief explanation of the Log4j vulnerability (how does it work, who/what is affected)
- How to determine whether it is in your environment
- What actions you can take to protect your organization