Free online course to teach participants about Log4j vulnerability
The objective of the course is to train teams in what the Log4j vulnerability is, its impact and the measures that organizations can take.
Tech Workforce Development Company Pluralsight has introduced a free course that addresses the Log4j vulnerability.
The course is launched in response to the Log4Shell cybersecurity vulnerability that recently made headlines. It provides an overview of vulnerability, what it does and does not impact, and some steps organizations can take to test for vulnerability.
Participants can take the course for free on the Pluralsight e-learning platform.
Log4j is a Java-based logging utility that is used by many companies for their web infrastructure including Microsoft, Apple, Amazon, Cisco, Tesla, Twitter, and Baidu. The recently discovered Log4j flaw could be exploited by hackers to gain access to computer systems.
Last week, Ireland’s National Cyber ââSecurity Center (NCSC) issued a warning to all companies that use web servers to respond to the threat, dubbed Log4Shell. The NCSC said Apache, which manages Log4j, has released an update to correct the flaw.
The US government has also called for caution in the face of the potential security threat.
Brandon DeVault, senior security author at Pluralsight, said the flaw received a CVE score of 10, which “is rarely seen.” CVE, or Common Vulnerabilities and Exposures, is an assessment of publicly disclosed computer security vulnerabilities, with 10 being the score for the most severe vulnerabilities.
âThis is the highest criticality score a vulnerability can achieve,â added DeVault. âThe vulnerability allows an attacker to replace fields or recorded elements with malicious code. Simply put, this has the potential to give an adversary full control over the vulnerable application. Depending on the location of this application, it can give full access to a network.
âThe simple Log4j patch is more complicated than doing a single scan on your network and applying a patch. Since Log4j is used as an open source logging plug-in for thousands, if not millions of applications, it will take some time for organizations to find out which applications within their network are using it.
The Pluralsight course, Log4j Vulnerability: What You Need to Know, includes a question-and-answer session on the Log4j vulnerability. The goal is to educate teams on why this is such a critical and widespread vulnerability and how businesses can identify if they have been affected.
Don’t miss out on the knowledge you need to be successful. Subscribe to Brief Daily, the compendium of essential scientific and technological news from Silicon Republic.