The Apache Log4j zero day vulnerability may be the most serious security vulnerability to have emerged in years. The vulnerability, CVE-2021-44228, can be exploited remotely by a single line of code. Many organizations may not even know if they’re vulnerable, as Log4J 2 can be embedded deep in applications that users will not have developed. Experts are already seeing mass scanning that aim to deploy coin miners or malware for botnets, among other concerning events. The long tail on this vulnerability is “quite, quite extraordinary over time,” BugCrowd.com CTO Casey Ellis says.”]
Source: https://www.cuinfosecurity.com/serious-log4j-security-flaw-race-underway-to-discern-scope-a-18107