Log4j Vulnerability and IT Security Vendors’ Responses

What is the Log4j Vulnerability?

A flaw in widely used internet software known as Log4j has left companies and government officials scrambling to respond to a glaring cybersecurity threat to global computer networks.

The bug disclosed last week could enable potentially devastating cyberattacks that span economic sectors and international borders, according to security experts.

U.S. officials say that hundreds of millions of devices are at risk, while researchers and major technology companies warn that hackers linked to foreign governments and criminal ransomware groups are already probing how to exploit the vulnerability within targets’ computer systems.

CISA (Cybersecurity and Infrastructure Security Agency) published an open-source log4j-scanner on 12/22/2021, derived from scanners created by other members of the open-source community. The tool is intended to help organizations identify potentially vulnerable web services affected by the Log4j vulnerabilities. The repository provides a scanning solution for the Log4j remote code execution vulnerabilities (CVE-2021-44228 and CVE-2021-45046).

CISA Log4j Scanner Download:

https://github.com/cisagov/log4j-scanner

What is Log4j?

Software developers use the Log4j framework to record user activity and the behavior of applications for subsequent review. Distributed free by the nonprofit Apache Software Foundation, Log4j has been downloaded millions of times and is among the most widely used tools to collect information across corporate computer networks, websites and applications. The software is maintained by Apache volunteers.

How can hackers take advantage of Log4j’s vulnerability?

The Log4j flaw, disclosed by Apache on , allows attackers to execute code remotely on a target computer, meaning that they can steal data, install malware or take control. Some cybercriminals have installed software that uses a hacked system to mine cryptocurrency, while others have developed malware that allows attackers to hijack computers for large-scale assaults on internet infrastructure.

Security experts are particularly concerned that the vulnerability may give hackers enough of a foothold within a system to install ransomware, a type of computer virus that locks up data and systems until the attackers are paid by victims. Security company F-Secure Oyj said its analysts have observed some ransomware variants being deployed via the flaw already, along with malware that is often deployed as a precursor to a ransomware strike.

The above information is retrieved from The Wall Street Journal. For further information, please go to https://www.wsj.com/articles/what-is-the-log4j-vulnerability-11639446180

2 CVEs for the Log4j vulnerabilities disclosed by Apache

| | Security Vulnerability CVE-2021-44228 | Security Vulnerability CVE-2021-45046 |
|---|---|---|
| Addressed in | Log4j 2.12.2 and Log4j 2.16.0 | Log4j 2.12.2 for Java 7 and 2.16.0 for Java 8 and up |
| Summary | Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code execution. | Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack. |

The above information is retrieved from Apache official website. For further information, please go to https://logging.apache.org/log4j/2.x/security.html

How Do IT Security Vendors Handle the Log4j Vulnerabilities?

Many IT security vendors have traced attempted attacks that exploit these vulnerabilities. Each has released security patches or signatures and provided recommendations on how to defend against these attacks and protect their customers' businesses.
