On Dec. 9, 2021, a remote code execution (RCE) vulnerability in the popular Java-based logging package Log4j was disclosed. Submitting a specially crafted request to a vulnerable system allows an attacker to download and execute a malicious payload to perform additional functions such as data exfiltration, diverting funds, performing surveillance, or disrupting service. What many experts fear now is that the bug could be used to encrypt data and due to the discovery of this exploit being so recent, there are still many servers, both on-premises and within cloud environments, that have yet to be patched. Scanning activity for CVE-2021-44228 has actively begun on the internet with the intent of seeking out and exploiting unpatched systems. Apache Log4j versions <= 2.15.0 rc1 are vulnerable.
Matthew Runk, Vice President, Sales Mid-Atlantic, leads a regional sales team focused on the technology needs of our clients. Matt started with Presidio as an Account Manager and has since held numerous leadership positions. He has more than 25 years of experience in technology sales. He holds a Bachelor of Science from Shippensburg University and an MBA from Temple University.