Episode Player

📝Show notes:

Michala Liavaag dives into what executives, non-executive directors and trustees need to know about 'Log4shell', a new vulnerability that is rated at the maximum 10. 

The main facts you need to know: What is it? Where is it? Why should we care? What can we do about it? 

She also discusses misconceptions and shares some questions leaders should ask their IT, third party providers and other suppliers. 

NOTES: 

After the recording of this episode, Apache have released v2.16: https://logging.apache.org/log4j/2.x/

At 3m38s, RCE is mentioned and it stands for Remote Code Execution. 

👉 Cited in this episode: 

Apache Foundation https://logging.apache.org/log4j/2.x/security.html

NCSC UK https://www.ncsc.gov.uk/news/apache-log4j-vulnerability

NHS Digital Cyber Alerts https://digital.nhs.uk/cyber-alerts/2021/cc-3989

Affected software lists: MVN Repository https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/usages

NCSC-NL https://github.com/NCSC-NL/log4shell/tree/main/software

Manual testing (only to be used on sites you/your IT are authorised to test) https://log4shell.huntress.com/

-----

⭐Found this useful? Please rate and review, as it helps reaching more people 

👍You can also subscribe and share on social media

💬 Contribute to future episodes with your cyber security concerns and questions

📃Transcription 

🤝Connect with Michala and Cybility Savvy:

✅ LinkedIn ✅ Twitter ✅ Youtube ✅ Instagram 

---

✍🏾Written and produced by Michala Liavaag

🎦Co-produced and edited by Ana Garner video

🎵Music by CFO Garner

-----

⭐Found this useful? Please rate and review, as it helps reaching more people 

👍You can also subscribe and share on social media

💬 Contribute to future episodes with your cyber security concerns and questions

🤝Connect with Michala and Cybility Savvy:

✅ LinkedIn ✅ Twitter ✅ Youtube ✅ Instagram 

---

✍🏾Written and produced by Michala Liavaag

🎦Co-produced and edited by Ana Garner video

🎵Music by CFO Garner