Home Security meltdown: Log4j vulnerability

Security meltdown: Log4j vulnerability

Dec 13- A new security vulnerability affects digital systems across the internet, and across the globe. Hackers have begun to exploit the bug, and software developers are racing to fix it. Researchers state that the bug could lead to serious repercussions worldwide.

The vulnerability

The issues has to do with Log4j, a ubiquitous, if obscure, open-source Apache logging framework that’s commonly used by developers to keep tabs on activity within an application. Security personnel are scrambling to find a resolution, as nefarious persons can easily exploit the bug to take remote control over vulnerable systems.

Hackers are actively scanning the internet for vulnerable systems. A handful of hackers have already released tools that auto-exploit the bug as soon as it’s identified. In addition, hackers have released computer worms that can exploit the vulnerability, which spreads the worm and the malware infection across systems.

Impact of Log4j

A Java library, Log4j isn’t the most popular with consumers, but it’s widely used across enterprise systems and web applications. Researchers anticipate that many mainstream services may see impact.

For example, the CEO of a cloud-based company recently described the issue as sufficiently egregious that the company would attempt to create a patch for all customers, including those on its free tier of service.

“It’s a design failure of catastrophic proportions,” says another CEO.

Vulnerability remediation

On Friday, the United States Cybersecurity and Infrastructure Security Agency issued an alert pertaining to the vulnerability, as did Australia’s CERT and New Zealand’s government cyber security organization.

According to Apache, the vulnerability merits a label of “critical” in severity. Both patches and mitigation instructions have been published.

Nonetheless, experts contend that many organizations may need to develop their own patches on account of legacy software that cannot use existing patches.

“The internet is on fire…” said one anonymous security engineer. This may be the biggest internet-wide risk observed in recent years due to how common the code is on corporate networks. Has your organization patched this bug?

For more on this story, visit The Wall Street Journal. Lastly, to learn more about pressing issues in the cyber world, please join us at the premiere cyber security event of the year – CPX 360 2022. Register here.