
The Log4J Vulnerability Will Haunt the Internet for Years



A vulnerability in the open source Apache logging library Log4j sent system administrators and security professionals scrambling over the weekend. Known as Log4Shell, the flaw is exposing some of the world’s most popular applications and services to attack, and the outlook hasn’t improved since the vulnerability came to light on Thursday. If anything, it’s now excruciatingly clear that Log4Shell will continue to wreak havoc across the internet for years to come.

Hackers have been exploiting the bug since the beginning of the month, according to researchers from Cisco and Cloudflare. But attacks ramped up dramatically following Apache’s disclosure on Thursday. So far, attackers have exploited the flaw to install cryptominers on vulnerable systems, steal system credentials, burrow deeper within compromised networks, and steal data, according to a recent report from Microsoft.

The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. From there they can load arbitrary code on the targeted server and install malware or launch other attacks. Notably, hackers can introduce the snippet in seemingly benign ways, like by sending the string in an email or setting it as an account username.

Major tech players, including Amazon Web Services, Microsoft, Cisco, Google Cloud, and IBM, have all found that at least some of their services were vulnerable and have been rushing to issue fixes and advise customers about how best to proceed. The exact extent of the exposure is still coming into view, though. Less fastidious organizations or smaller developers who may lack resources and awareness will be slower to confront the Log4Shell threat.

“What is almost certain is that for years people will be discovering the long tail of new vulnerable software as they think of new places to put exploit strings,” says independent security researcher Chris Frohoff. “This will probably be showing up in assessments and penetration tests of custom enterprise apps for a long time.”

The vulnerability is already being used by a “growing set of threat actors,” US Cybersecurity and Infrastructure Security Agency director Jen Easterly said in a statement on Saturday. She added that the flaw is “one of the most serious I’ve seen in my entire career, if not the most serious” in a call with critical infrastructure operators on Monday, as first reported by CyberScoop. In that same call, a CISA official estimated that hundreds of millions of devices are likely affected.

The hard part will be tracking all of those down. Many organizations don’t have a clear accounting of every program they use and the software components within each of those systems. The UK’s National Cyber Security Centre emphasized on Monday that enterprises need to “discover unknown instances of Log4j” in addition to patching the usual suspects. By its nature, open source software can be incorporated wherever developers want, meaning that when a major vulnerability crops up, exposed code can lurk around every corner. Even before Log4Shell, software supply chain security advocates had increasingly pushed for “software bills of materials,” or SBOMs, to make it easier to take stock and keep up with security protections.
