
Log4j - How the Cloud Providers responded!
Quenn D
Description
<p>Cloud Security News this week 15 December 2021</p> <ul> <li>This week, the world of cybersecurity has been consumed by the Log4Shell vulnerability. So what's it all about? Log4j is a Java library for logging error messages in applications. It was developed by the open-source Apache Software Foundation and is a key Java-logging framework. The critical zero-day security vulnerability has been named ‘Log4Shell’ and has a <a href="https://logging.apache.org/log4j/2.x/security.html">maximum CVSS (Common Vulnerability Scoring System) score of 10</a>. The zero-day had been exploited at least <a href="https://twitter.com/eastdakota/status/1469800951351427073">nine days before it surfaced</a> on Thursday. This vulnerability puts any device connected to the internet and running Apache Log4j, versions 2.0 to 2.14.1, at risk. This impacts cloud services, developer services, security devices, mapping services, and more.</li> <li>AWS has released details on how the flaw impacts its services and said it is <a href="https://aws.amazon.com/security/security-bulletins/AWS-2021-005/">working on patching its services</a> that use Log4j and has released mitigations for services like CloudFront. 
This can be viewed <a href="https://aws.amazon.com/security/security-bulletins/AWS-2021-005/"><u>here.</u></a> Microsoft has also released guidance for preventing, detecting, and hunting for Log4j exploitation <a href="https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/"><u>here</u></a>, and Google Cloud “is actively following the security vulnerability” and has released recommendations for investigating and responding to the Apache “Log4j 2” vulnerability <a href="https://cloud.google.com/blog/products/identity-security/recommendations-for-apache-log4j2-vulnerability"><u>here</u></a>. IBM <a href="https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/">said</a> it is "activel