Google Cloud recommendations for investigating and responding to the Apache “Log4j 2” vulnerability
Editor's note : This post was updated on 12/15/21 at 12:45pm PST. In this post, we provide recommendations from the Google Cybersecurity Action Team and discuss Google Cloud and Chronicle solutions to help security teams to manage the risk of the Apache “Log4j 2” vulnerability ( CVE-2021-44228 and CVE-2021-45046 ). For the latest updates on our assessment of the potential impact of the vulnerability on Google Cloud products and services, please visit Google Cloud’s security advisory page. Background The Apache Log4j 2 utility is an open source Apache framework that is a commonly used component for logging requests. On December [...]