Content
Ricky rickhanloni We don’t need everyone to upgrade log4j, just enough for herd immunity to takeover 6:55 PM Dec 12, 2021 Twitter for iPhone 1,025 Retweets 107 Quote Tweets 5,119 Likes Ricky rickhanlonii Dec 12 Replying to rickhanlonii my repo my choice 3 tV 41 554 the squirrel in the tree ay A ( Dec 12 Replying to rickhanlonii do you really even know what’s in those patches? could be worse than the actual vuln 9 4 17 21 377 ars Patch fixing critical Log4J 0-day has its own vulnerability that’s under exploit If you’ve patched using Log4J 2.15.0, it’s time to update again. Stat! by Dan Goodin – Dec 16, 2021 8:40am AEDT r Login to bookmark 10 Wikimedia CommonsAlex E. Promos Last Thursday, the world learned of an in-the-wild exploitation of a critical code-execution zero-day in Log4J, a logging utility used by just about every cloud service and enterprise network on the planet. Open- source developers quickly released an update that patched the flaw and urged all users to install it immediately. Now, researchers are reporting that there are at least two vulnerabilities in the patch, released as Log4J 2.15.0, and that attackers are actively exploiting one or both of them against real-world targets who have already applied the update. The researchers are urging