PremiumA vulnerability called Log4Shell is keeping security researchers and large corporations worldwide on their toes. The flaw is one of the most severe security loopholes seen in a long time, and could affect millions of websites. Mint explains:
What is the Log4Shell vulnerability?
The Log4Shell vulnerability is a flaw in one of the most widely used server software. It is a remote code execution (RCE) vulnerability, which means attackers can use it to remotely execute arbitrary code on a server and steal data. It is a vulnerability in a logging library that is used by almost every big company in the world, including Apple Inc., Microsoft Corp., Amazon.com Inc., Google LLC, and more. Logging libraries allow developers to monitor their applications and catch bugs. The vulnerability has been given a 10/10, the highest severity rating for such vulnerabilities.
Why is Log4Shell a severe flaw?
The logging library called Log4J is used by almost every website and technology company. It is an open-source software maintained by Apache Software Foundation, and was a zero-day vulnerability when it was discovered on 9 December. Companies like Google, Microsoft, and Cisco Systems Inc. say their programs and applications have been affected. While Microsoft said Minecraft players could be affected, Cisco said it is investigating the amount of exposure to its applications, including the popular WebEx meeting app that has gained popularity over the last year.
Whom does Log4Shell affect?
The good news is that Log4Shell doesn’t affect users directly. But compromising a company like Apple can always give an attacker access to its millions of users in the long run. For instance, security researchers have said that hackers could gain complete control of the computers of gamers who use the Java version of Minecraft on personal computers.
How does one protect against Log4Shell?
There’s not much regular users need to do. But Minecraft players will have to ensure that they are on the newest client of the game that consists of a fix for the issue. For corporations, a patch was issued for the vulnerability on 13 December, and technology teams will have to ensure that this is incorporated in their systems. However, security researchers have warned that there could potentially be millions of servers and websites that are affected by the vulnerability, so it will be a while before everyone is secured.
Are attackers trying to exploit it?
Security firm Checkpoint Research said it had documented 846,000 attacks on corporations in the first 72 hours of the “outbreak". It said 46% of these attacks came from known malicious groups, and that 41% of corporate networks in India had faced an attempted exploit. 60 new variants of the original exploit had surfaced in under 24 hours. Romanian cybersecurity firm Bitdefender also found that a well-known state-sponsored hacking group was trying to exploit the vulnerability to install a ranso-mware called Khonsari on systems.
