On December 9, 2021, Chen Zhaojun of the Alibaba Cloud Security Team discovered CVE-2021-44228, also known as Log4Shell, a high-severity vulnerability that affects the core function of Log4j, a logging library used by many Java programs developed in the past 10 years.
Log4Shell (CVE-2021-44228) allows others to remotely execute code on an impacted device: they can access all data on it and run any code at will. Maintaining business continuity is critically important to all of us, especially in the face of the global Log4j vulnerability and other exploits.
There are several excellent resources emerging in the face of this vulnerability:
- CISA has published an Apache Log4j Vulnerability Guidance page: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
- Log4j Security Vulnerabilities page: https://logging.apache.org/log4j/2.x/security.html
- CISA’s Cyber Essentials: https://www.cisa.gov/cyber-essentials
ControlCase Policy and Procedure Templates which may protect against future attacks:
- Business Continuity Plan Policy and Procedures Template: https://www.controlcase.com/business-continuity-policy-template/
- Incident Management Policy Template: https://www.controlcase.com/incident-management/
- IT Security Policy Template: https://www.controlcase.com/it-security-policy-template/
- Vulnerability Management Template: https://www.controlcase.com/vulnerability-management-templates/