Apache Log4j vulnerabilities disclosed in December 2021, including the one tracked as Log4Shell, can allow attackers to remotely execute arbitrary code and take control of vulnerable systems. In response to these flaws, AWS released multiple hot patches – each suitable for a different environment, including servers, Kubernetes, Elastic Container Service (ECS) and Fargate – that…

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every cybersecurity professional in the world. That all changed when the Apache Log4j project announced CVE-2021-44228 (aka Log4Shell) – a zero-day vulnerability in Log4j’s standardized method of handling log files…