Nexix Security Labs
Log4j Software Vulnerability
Ceki Gülcü created Apache Log4j, which is a Java-based logging software. It's part of the Apache Software Foundation's Apache Logging Services project. One of the numerous Java logging frameworks is Log4j.
Log4Shell, a new vulnerability, is being hailed as one of the biggest cybersecurity weaknesses ever identified. The flaw is based on an open-source logging library that is widely utilized by businesses and even government agencies. According to multiple sources, hackers are already testing exploits for this weakness, which provides them access to an application and might potentially allow them to run malicious software on a device or servers.
But what is the Log4Shell vulnerability and whom all are impacted?
What is the Log4Shell vulnerability?
The vulnerability was discovered on December 9, while some accounts claim it was discovered on December 1 and was highlighted by Chen Zhao Jun of Alibaba Cloud Security. The vulnerability is known as Log4Shell and has the CVE ID CVE-2021-44228 (CVE number is the unique number given to each vulnerability discovered across the world).
The issue affects Log4j 2 versions, a popular logging library used by applications throughout the world. Logging allows developers to see all of an application's activity. This open-source library is used by Apple, Microsoft, and Google, as well as enterprise applications from Cisco, Netapp, CloudFlare, Amazon, and others.
According to cybersecurity firm Check Point, the open-source Apache Log4j library has had over 400,000 downloads from its GitHub repository. The flaw is significant because it might allow hackers to take control of Java-based web servers and launch remote code execution (RCE) attacks. To put it another way, the vulnerability might allow a hacker to take control of a system.
What makes the problem so serious, according to cybersecurity firm LunaSec, is that this library is "ubiquitous" across applications, and the exploit grants full server control and is simple to execute. It considers this vulnerability to be quite severe.
The issue "may be exploited either over HTTP or HTTPS (the encrypted version of browsing)," according to Check Point, adding to the concerns.
Is the vulnerability being exploited by cybercriminals?
According to Check Point Research, most of the assaults they've seen seem to revolve around the usage of bitcoin mining at the expense of the victims. New variants of the original exploit, on the other hand, are being introduced at a quick pace, according to the corporation in a blog post.
According to LunaSec, it will most likely affect Apple's iCloud and the online gaming provider Steam. According to some users on Twitter, merely changing an iPhone's name in the Settings app to a Java string code allows them to see the program logs.
Meanwhile, the Cyber Emergency Response Team (CERT) of New Zealand has issued a statement claiming that the vulnerability may give an attacker complete control of the compromised server and that it is being "actively exploited in the wild."
This threat should not be overlooked, according to Lotem Finkelstein, Director, Threat Intelligence and Research at Check Point Software Technologies-
"At first glance, this appears to be aimed at crypto miners, but we believe it provides exactly the kind of background noise that serious threat actor will try to exploit to attack a wide range of high-value targets including banks, state security, and vital infrastructure," he said.
What have the affected tech companies said?
Minecraft, which is owned by Microsoft, was one of the first to recognize the problem, issuing a statement stating that the Java edition of the game was in grave danger of being hacked. The issue has been "handled with all versions of the game client patched," according to the company's announcement, but players must still take extra precautions to secure the game and their servers.
Google said it is "currently assessing the possible effect of the vulnerability on Google Cloud products and services" in a statement. This is a live event, and we'll keep you updated through our customer communication channels."
"Successful exploitation of this vulnerability could lead to leakage of sensitive information addition or change of data or Denial of Service (DoS)". According to NetApp, which provides data management solutions for the Cloud.
Cisco has acknowledged that some of its products, including the widely used Cisco Webex Meeting server, are vulnerable and it is examining whether there are any more. Cloudflare, a provider of web infrastructure, has also issued a statement urging clients to update Log4j versions and apply the updated software patchware. VMware, an enterprise software company, published a statement stating it too, has witnessed exploitation attempts and that the hole affects some of its core products. Apple has yet to comment on the situation.
For more information visit us on: www.nexixsecuritylabs.com
To schedule an audit you can contact us at: email@example.com
Your Security | Our Concern