IT disaster recovery, cloud computing and information security news

Log4Shell – EU organizations issue assessment and advice on the Log4j vulnerability

The European Commission, the EU Agency for Cybersecurity, CERT-EU, and the network of the EU national computer security incident response teams (CSIRTs network) have issued a joint statement on the Log4Shell vulnerability.

Key points in the statement are:

  • Log4Shell is a vulnerability in the well-known open source Java logging package Log4j, which is maintained by the Apache Software Foundation.
  • Log4j is used in a wide array of applications and web services across the globe.
  • Due to the nature of the vulnerability, its ubiquity and the complexity of patching in some of the impacted environments, it is important that all organizations assess their potential exposure as soon as possible.

Alongside the joint statement CERT-EU has published a detailed document to help organizations respond to and mitigate the vulnerability.

CERT-EU states that:

  • This vulnerability could allow the attacker full control of an affected server, if a user-controlled string is logged.
  • Since it is easy to be exploited, the impact of this vulnerability is quite severe. Reports show that it is being actively exploited in the wild.

Read the CERT-EU Security Advisory (PDF).

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.