While most developers, myself included, primarily write in higher-level languages like Python or JavaScript, sometimes you need to add native components to improve performance or other aspects of a project. Since these native extensions are typically written in C or C++, a project that is mostly JavaScript or Python must suddenly also account for C/C++ transitive dependencies it never listed explicitly.
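A first step toward accounting for those dependencies is knowing where the native code actually lives. The script below is an added example (not code from the original post): it walks a `site-packages` directory and inventories compiled extension modules and bundled shared libraries by file name, grouped by the package that ships them. The `SAMPLE_TREE` layout and the package names in it are constructed for the demonstration; the check is name-based only, so it assumes the usual wheel conventions (`.so`/`.pyd` extension modules, `*.libs` directories with versioned `.so.N` files) rather than parsing binary headers.

```python
"""Inventory compiled (C/C++) extension modules and bundled shared libraries
in a Python environment so that native transitive dependencies are not missed.

Added example, standard library only.  Point ``find_native_extensions`` at a
real ``site-packages`` directory (``python -m site`` prints the paths) to scan
an actual environment; ``build_sample_tree`` creates a constructed layout for
the demonstration below.
"""
import importlib.machinery
import sys
import tempfile
from pathlib import Path

# Suffixes the running interpreter treats as importable extension modules,
# e.g. ".cpython-311-x86_64-linux-gnu.so" on Linux or ".cp311-win_amd64.pyd"
# on Windows.  The static list below makes the check platform independent so
# a Linux scan still reports a stray .pyd or .dll shipped in a wheel.
EXTENSION_SUFFIXES = tuple(importlib.machinery.EXTENSION_SUFFIXES)
NATIVE_SUFFIXES = (".so", ".pyd", ".dylib", ".dll")


def is_native(filename: str) -> bool:
    """Name-based check for compiled extension modules and shared libraries."""
    if filename.endswith(EXTENSION_SUFFIXES) or filename.endswith(NATIVE_SUFFIXES):
        return True
    # Versioned shared objects such as libz-abc123.so.1 that auditwheel puts
    # in a "<pkg>.libs" directory next to the package.
    return ".so." in filename


def find_native_extensions(site_packages: str) -> dict:
    """Map each top-level package (or lone module) to the native files it ships."""
    root = Path(site_packages)
    found = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or not is_native(path.name):
            continue
        rel = path.relative_to(root)
        # The first path component under site-packages is the importable
        # package; a bare top-level .so is a single-file extension module.
        owner = rel.parts[0] if len(rel.parts) > 1 else rel.name.split(".")[0]
        found.setdefault(owner, []).append(rel.as_posix())
    return found


# Constructed site-packages layout: one pure-Python package, one package with
# a compiled speedup plus a vendored shared library, a Windows-style extension
# and a lone top-level extension module.  File contents are empty placeholders
# because the inventory only looks at names.
SAMPLE_TREE = (
    "purepkg/__init__.py",
    "purepkg/core.py",
    "fastpkg/__init__.py",
    "fastpkg/_speedups.cpython-311-x86_64-linux-gnu.so",
    "fastpkg.libs/libz-abc123.so.1",
    "winpkg/__init__.py",
    "winpkg/_native.cp311-win_amd64.pyd",
    "_lone_ext.so",
)


def build_sample_tree() -> str:
    """Create the constructed layout in a temporary directory and return its path."""
    base = tempfile.mkdtemp(prefix="site-packages-")
    for rel in SAMPLE_TREE:
        target = Path(base, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"")
    return base


def summarize(site_packages: str) -> str:
    """Human-readable report: which packages pull native code into the project."""
    inventory = find_native_extensions(site_packages)
    lines = [f"{len(inventory)} package(s) ship native code under {site_packages}"]
    for owner, files in inventory.items():
        lines.append(f"  {owner}:")
        lines.extend(f"    {f}" for f in files)
    return "\n".join(lines)


if __name__ == "__main__":
    # Scan the directory given on the command line, else the constructed tree.
    print(summarize(sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()))
```

Packages that appear in the report are the ones whose C/C++ dependencies (the extension source itself and anything statically or dynamically linked into it) need to be tracked alongside the Python or JavaScript dependency list; the same idea applies to `node_modules` with `.node` addons.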
Vulnerability assessments define, identify, classify, and prioritize flaws and vulnerabilities in applications, devices, and networks that can expose organizations, along with their products, services, and code, to attack. Security vulnerabilities give malicious actors a way into an organization’s applications and systems, so it is essential to identify and remediate them before attackers can exploit them.
By Yotam Perkal, Head of Vulnerability Research

Researchers here at Rezilion wanted to assess the current potential attack surface of the Log4Shell vulnerability today, four months later, now that the dust has settled. We hoped that, given the massive amount of media coverage Log4Shell has received, the majority of applications would have been patched, and we assumed that finding services which are still vulnerable would be challenging. We were wrong.
As the digital world continues to rebuild after the Log4j hurricane, the threat landscape is once again disturbed by the rumbling of an approaching zero-day storm. Having barely recovered from a zero-day dubbed the worst hack ever encountered, concerns are understandably heightened, and as a result there are many misconceptions about the severity of Spring4Shell.