Author: NZ GIM Cyber Security team
The United States has warned that hundreds of millions of devices are at risk from newly disclosed software vulnerabilities. Moreover, several recent large-scale and high-risk hacking incidents, such as the #Microsoft and #Solarwind hacks, are widely believed to have had CCP hackers ghosted behind them.
According to the GIM cybersecurity group, the vulnerability found in this case was rated as #CVSS10 critical by industry standards, which is the most serious and dangerous level.
One important reason why it is classified as the most dangerous is that this vulnerability is particularly widespread and commonly seen. In fact, not only the AWS and IBM products listed in the press release are affected but also any product provided by any company that has the specific #log4j modules is at risk of being exploited.
In the last few days, security practitioners have been busy doing two things: 1. figure out if there is such vulnerable log4j modules in their IT environment
2. update the log4j module by applying the patches. This is a very good example of the need of building vulnerability management capability in IT project, as it provides much needed capability to identify and remediate zero-day vulnerabilities like this in a timing manner.
Review proofreading：Barry Jack Upload Layout：F