Picus Security Adds Log4j Exploit Simulations to Threat Library
Picus Security has updated its threat library with new simulations targeting critical vulnerabilities in the Apache Log4j logging library, including CVE-2021-44228.
Cybersecurity firm Picus Security has enhanced its threat library by adding new simulations designed to emulate and defend against attacks exploiting the Apache Log4j logging library. The updates specifically address critical vulnerabilities, most notably the remote code execution flaw known as CVE-2021-44228 (Log4Shell).
Log4j, a widely adopted Java-based logging tool, has been found to contain several severe security weaknesses. These, revealed in late 2021, allow unauthenticated attackers to execute arbitrary code remotely on vulnerable systems. The identified vulnerabilities include CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832.
Picus Security's new simulations enable organizations to test the effectiveness of their existing security controls against these types of threats. The platform aims to help companies verify their defenses against Log4j exploits and identify any gaps in their security posture.
The company highlights that CVE-2021-44228 is particularly dangerous due to its unauthenticated remote code execution capability, potentially giving attackers full control over affected servers for further exploitation. Updates have also been provided to address the other identified Log4j vulnerabilities, allowing businesses to validate and strengthen their cybersecurity defenses.