Archive360 News

Latest information about Archive360 and industry information

James McCarthy, Esq.

James M. McCarthy graduated from Christian Brothers Academy in 1982; Rutgers College, Rutgers University in 1986; and Western New England College School of Law in 1989. Mr. McCarthy was admitted to the New Jersey State Bar in 1989; the United States District Court for the District of New Jersey in 1989 and the United States Court of Appeals for the Third Circuit in 1991.

December 16th, 2021

Background On December 10, 2021, the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) reported that the Apache Software Foundation released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this JNDI (Java Naming and Directory Interface)vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. CISA has encouraged users and administrators to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately. Also, on December 13, 2021, CISA announced the formation of a designated web page to track the Log4j vulnerabilities in partnership with the Joint Cyber Defense Collaborative.

1 of 1

Meet Your Host

Bill Tolson

Bill is the Vice President of Global Compliance for Archive360. Bill brings more than 29 years of experience with multinational corporations and technology start-ups, including 19-plus years in the archiving, information governance, and eDiscovery markets. Bill is a frequent speaker at legal and information governance industry events and has authored numerous eBooks, articles and blogs.

James McCarthy, Esq.

James M. McCarthy graduated from Christian Brothers Academy in 1982; Rutgers College, Rutgers University in 1986; and Western New England College School of Law in 1989. Mr. McCarthy was admitted to the New Jersey State Bar in 1989; the United States District Court for the District of New Jersey in 1989 and the United States Court of Appeals for the Third Circuit in 1991.

Recent Posts

Apache Software Vulnerability Exploit-Log4j

Posted by James McCarthy, Esq. on Dec 16, 2021 12:15:00 PM
Background


On December 10, 2021, the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) reported that the Apache Software Foundation released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this JNDI (Java Naming and Directory Interface)vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. CISA has encouraged users and administrators to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately. Also, on December 13, 2021, CISA announced the formation of a designated web page to track the Log4j vulnerabilities in partnership with the Joint Cyber Defense Collaborative.

Read More