On Dec. 9, 2021, a remote code execution (RCE) vulnerability in the popular Java-based logging package Log4j was disclosed. Submitting a specially crafted request to a vulnerable system allows an attacker to download and execute a malicious payload to perform additional functions such as data exfiltration, diverting funds, performing surveillance, or disrupting service. What many experts fear now is that the bug could be used to encrypt data and due to the discovery of this exploit being so recent, there are still many servers, both on-premises and within cloud environments, that have yet to be patched. Scanning activity for CVE-2021-44228 has actively begun on the internet with the intent of seeking out and exploiting unpatched systems. Apache Log4j versions <= 2.15.0 rc1 are vulnerable.
Marc Clark, a seasoned expert with 15+ years in cloud computing, data analytics, and AI/ML, has led global teams in developing cloud strategies and guiding customers through digital transformations. His current focus on GenAI, combined with his MBA and multilingual skills, makes him a compelling speaker on cutting-edge technologies.