Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

The Log4j library vulnerability saga, dubbed Log4Shell, is projected to affect users for years due to its prevalent utilization, says Dr. Johannes Ullrich of the SANS Technology Institute. A new vulnerability, CVE-2021-45046, has been discovered after the initial Log4Shell (CVE-2021-44228) problem was inadequately treated in secondary configurations. Threats range from ransomware to nation-state actors and access brokers. Mitigation efforts should now focus on reducing exposure by patching and investigating vulnerable systems.