A critical vulnerability that allows for unauthenticated remote code execution has been discovered in Apache Log4j 2, an open source Java logging tool. The Apache Software Foundation has identified the vulnerability as CVE-2021-44228.
“34% of companies [in portfolios] we examined had at least one exposed Java-based server. Not all of those use Log4j, but that gives a rough sense of the scale of exposure,” said Ethan Geil, Senior Director, Data and Research.
The last two years have introduced new challenges to organizations across the globe -- from managing business operations through an ongoing pandemic; to a rapid-fire pivot to a digital mode of work; to an increase in cyber attacks targeting businesses directly, and through their supply chains.
BitSight partnered with Good Harbor to host a salon discussion with security leaders from various industries to hear their thoughts on what the breach means for the security industry. Hosted by Richard A Clarke and BitSight’s Stephen Boyer, the discussion covered a range of topics from what happened, to what we should learn from the event, to what needs to happen next to minimize the damage from future attacks.