Cyber security is very dynamic, with new discoveries every day that you need to keep up with. A week ago, a new vulnerability named Log4Shell was announced as one of the most serious cybersecurity flaws ever discovered, and it is already being exploited by hackers. A vulnerability is any weakness in a system that can be manipulated to compromise it by means of an exploit. Once such a weakness is discovered, hackers write code that uses it to gain access to the system.
This vulnerability lies in an open-source logging library used by many applications and enterprises. Hackers are already testing exploits for it that can grant them access to an application and let them run malicious software on servers or devices.
What is the Log4Shell/Log4j vulnerability?
Reported on 9.12.2021, Log4j has been officially accorded a CVE number. CVE-2021-45046 was discovered as cybersecurity experts were attempting to patch the first Apache Log4j flaw, CVE-2021-44228. It impacts one of the most common logging libraries, Log4j 2. The library is used by many applications for logging, which enables developers to see all the activity of an application. According to Check Point, the open-source Apache Log4j library has over 400,000 downloads from its GitHub project.
How serious is it and what should you do?
Exploiting this vulnerability allows attackers to craft malicious input data using a JNDI lookup pattern, leading to a denial of service (DoS) that could entirely lock you out of your system. It also allows hackers to take control of Java-based web servers and launch remote code execution (RCE) attacks, which likewise give them control over the system.
The biggest predicament is that this library cuts across applications, yet the exploit gives full server control and is easy to execute. You can also be affected through third-party software, which can only be patched by its owners. This leaves you completely exposed.
According to Check Point, the weakness can be exploited over both HTTP and HTTPS (the encrypted browsing version), which makes it even worse.
Reports from Check Point and other cybersecurity entities show that the attacks are currently targeted mostly at cryptocurrency mining at the victims' expense. More exploit variants are being released rapidly.
Apache has already released a patch for this issue, Log4j 2.16.0, which fixes the problem by removing support for message lookup patterns and disabling the JNDI functionality by default. In prior releases, you can also remove the JndiLookup class from the classpath entirely. Immediate action is recommended: patch, remove the JNDI lookup class from the classpath, or do both.
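As an added example (not from the article or from Apache), here is a Python check for the mitigation just described: it reports whether a log4j-core jar still contains JndiLookup.class, flags versions before 2.16.0, and rewrites the jar without that class. The class path and manifest field are the real ones; the sample jar is constructed inline for the check.

```python
"""Added example: find log4j-core jars that still ship JndiLookup.class and
strip that class, the pre-2.16.0 mitigation the article describes."""
import io
import re
import zipfile

# Location of the lookup class inside every log4j-core 2.x jar
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
VERSION_RE = re.compile(r"^Implementation-Version:\s*(\S+)", re.M)


def inspect_jar(data: bytes) -> dict:
    """Report whether JndiLookup.class is present and the manifest version."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        version = None
        if "META-INF/MANIFEST.MF" in names:
            match = VERSION_RE.search(zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace"))
            version = match.group(1) if match else None
    return {"has_jndi_lookup": JNDI_LOOKUP in names, "version": version}


def needs_action(report: dict) -> bool:
    """True when the class is present and the version predates the 2.16.0 fix."""
    if not report["has_jndi_lookup"]:
        return False
    if report["version"] is None:
        return True  # class present, version unknown: treat as exposed
    major, minor = (int(p) for p in report["version"].split(".")[:2])
    return (major, minor) < (2, 16)


def strip_jndi_lookup(data: bytes) -> bytes:
    """Rewrite the jar without JndiLookup.class (what `zip -q -d` does in place)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for item in src.infolist():
            if item.filename != JNDI_LOOKUP:
                dst.writestr(item, src.read(item.filename))
    return out.getvalue()


def build_sample_jar(version: str, with_jndi: bool = True) -> bytes:
    """Constructed stand-in for a log4j-core jar, used to exercise the checks above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        if with_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    return buf.getvalue()
```

Pointing `inspect_jar` at real jars found on a server (for example with `pathlib.Path.rglob("log4j-core*.jar")`) gives an inventory of what still needs patching or stripping.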
Article by Orishaba Famious
Product lead, Grey Armour