The string of vulnerabilities found over the past few weeks in the widely used Log4j open-source Java component continue to keep enterprise security teams busy. While patching the impacted library should be the priority, identifying all affected applications and servers on big networks is not straightforward due to indirect software dependencies and third-party products.

The problem is the more time it takes organizations to find potentially exposed assets, the more time attackers have to find them and exploit them. Different groups of attackers are currently exploiting the remote code execution flaws, ranging from state-sponsored cyberespionage actors to ransomware groups and cryptocurrency mining and DDoS botnets.

To read this article in full, please click here

(Insider Story)

Go to Source of this post
Author Of this post:

By admin