A second Log4J vulnerability

I have a feeling Log4J will be a topic to update for a few days. Some new headlines. Check Point Software is reporting more than 800,000 attempts to launch attacks 72 hours after the initial reports. That’s jumped exponentially since the initial attacks on Saturday. Attackers have now attempted to exploit the issue in over 40 percent of global networks. System integrators, VARs, and distributors are the most impacted organizations by industry, with ISPs and MSPs in the number three spot.

A second vulnerability has been discovered, and a patch released. It addresses a problem with the original fix, as it was “incomplete in certain non-default configurations.” The new fix is in Log4J 2.16.0.

Why do we care?

Because it’s tactical. If you’re generally in IT, you had better be broadly tracking this one.