acm-header
Sign In

Communications of the ACM

ACM News

We are Still Failing to Learn the Most Important Lesson in Cybersecurity


View as: Print Mobile App Share:
Coders at work.

Organizations can't ignore vulnerabilities and issues and hope they just go away. Fixing issues is a challenge, but taking notice of security alerts and warnings to ensure your network is protected is an absolute must. 

Credit: gilaxia/Getty

One year ago, a newly discovered zero-day vulnerability rocked the world of cybersecurity, but 12 months on, there are clear signs that vital lessons haven't been learned. 

The catchily-titled CVE-2021-44228 was and still is an easy to exploit vulnerability in the widely used Java logging library Apache Log4j, which enables attackers to remotely gain access to and take control of machines and servers. 

Upon discovery, it was a massive concern, because the ubiquitous nature of Log4j meant it was (and is) embedded in a vast array of applications, services and enterprise software tools that are written in Java and used by organizations and individuals around the world.

From ZDNet/Innovation
View Full Article

 


 

No entries found