Log4j may be the worst vulnerability yet, says Department of Homeland Security

The US Cybersecurity and Infrastructure Security Agency warns that the newly discovered Log4j vulnerability will affect hundreds of millions of devices and that 'no single action will fix the issue.'The vulnerability, CVE-2021-44228, exists in the widely used Java library Apache Log4j. It's classified as a severe zero-day flaw and, if exploited, could allow attackers to perform remote code execution and grant control over affected servers.Experts at the Cybersecurity and Infrastructure Security Agency, a Department of Homeland Security component, are preparing to create a dedicated website to provide information and counteract 'active disinformation.' Read more...