Healthcare sector struggles to address Log4j vulnerability without ‘breaking’ critical applications

January 18, 2022 – Published on SC Media

Healthcare faces the same Log4j remediation struggles as the federal government and well-resourced sectors, but they are compounded by ongoing patch management issues and a reliance on legacy platforms that may force difficult decisions tied to critical applications.

In early December, researchers first disclosed a critical vulnerability found in the Apache Foundation’s Log4j logging tool. Since that time, researchers have uncovered further flaws and observed multiple malware variants and other threats directly targeting the vulnerability.

Researchers have continued to deploy fixes, as threat actors continue to scan for ways to exploit the vulnerability. Log4j is “a Hydra of sorts, whether you’re in healthcare or not. You feel like you cut a head off of it and two more come back because you didn’t fully understand what you were dealing with in the first place,” Tony Cook, head of threat intelligence at GuidePoint Security, told SC Media.
