What you need to know about Log4j and how to protect yourself from software flaws


Due to flaws in widely used Internet software, businesses and government officials are struggling to address potentially obvious cybersecurity threats to global computer networks.

Previously undiscovered bugs hidden in software known as Log4j, according to cybersecurity experts, could benefit criminals and national hackers. US officials made an emergency call on Monday with a company operating a critical infrastructure. Hundreds of millions of devices are likely to be affected and could be exploited by a variety of threat actors, officials say.

Here’s what we know about Log4j’s flaws:

What is Log4j?

Software developers use the Log4j framework to record user activity and application behavior for later review. Freely distributed by the non-profit Apache Software Foundation, Log4j has been downloaded millions of times and is the most widely used tool for gathering information across corporate computer networks, websites, and applications. It is one of.

How can hackers exploit the Log4j vulnerability?

A flaw in Log4j disclosed by Apache on December 9th allows an attacker to execute code remotely on the target computer. That is, an attacker can steal data, install malware, or control it. Some cybercriminals have installed software that uses hacked systems to mine cryptocurrencies, while others have attackers due to large-scale attacks on Internet infrastructure. We have developed malware that can hijack your computer.

Security experts are particularly concerned that this vulnerability could give hackers a sufficient foothold to install ransomware. Ransomware is a type of computer virus that locks data and systems until an attacker receives payment from a victim. For large companies, these ransoms can add up to millions of dollars. The attack could also cause widespread disruption, including a 6-day outage of the largest fuel pipeline on the East Coast, which infected Colonial Pipeline’s system in May.

“Obviously, this vulnerability poses a serious risk,” Jen Eastary, director of cybersecurity and infrastructure security agencies, said in a statement released Sunday.

How widespread are Log4j’s flaws?

Systems that connect to the Internet and back-end systems may contain this vulnerability. Log4j software is widely used in business software development. “Millions of servers are probably at risk,” said Lou Steinberg, founder of technology incubator CTM Insights LLC. An Apache spokeswoman said it is impossible to track the reach of the tool due to the nature of how Log4j is inserted into various software.

CISA Information page With recommendations.

Which technology suppliers are affected by the Log4j vulnerability?

Many, and list Growing up.Some of them

Apple Ltd,

Amazon.com Ltd,

Cloudflare Ltd,


Microsoft Corp.

Mine Craft,

Palo Alto Networks Ltd


twitter Ltd

Some technology companies issue alerts and guidance to their customers on how to reduce risk.

How can a company fix a Log4j issue?

WSJPro Cyber ​​Security Details

CISA recommends that you immediately identify Internet-connected devices with Log4j and have your security team respond to alerts related to these devices. Also, install a web application firewall with automatically updated rules to help your team focus on fewer alerts.

Several patches and technical guidance are available. The Apache organization recently released several updates and Upgrade recommended To the latest version of the Log4j tool.

Oracle Ltd

We released our own patch on Friday.Microsoft A series of steps To reduce the risk of misuse, such as contacting your software application provider to make sure you are using the latest version of Java, including patches.

Instead of the patches available, Theresa Walsh, Global Head of Intelligence for Financial Services Information Sharing and Analytics Center, recommends that businesses limit unnecessary outbound Internet traffic.

“Companies can reduce their risk by reducing their exposure,” she said.

Write to David Uberti david.uberti@wsj.com , James Rundle at james.rundle@wsj.com And Kim S. Nash kim.nash@wsj.com

Copyright © 2021 DowJones & Company, Inc. all rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

What you need to know about Log4j and how to protect yourself from software flaws

Source link What you need to know about Log4j and how to protect yourself from software flaws

The post What you need to know about Log4j and how to protect yourself from software flaws appeared first on Eminetra.


Please enter your comment!
Please enter your name here

Share post:


More like this

Here’s How Bitcoin’s Downtrend May End

Bitcoin may need to close above $26,000 in order...

“When This Rifle Is The Only Thing Standing Between Your Family And a Dozen Angry Democrats In Klan Hoods…”

EPIC: Arizona Congressional Candidate Jerone Davison Exposes The RACIST...

Dismissed Tesla workers file an urgent plea and claim a small severance pay

Two layoffs Tesla Workers filed an emergency motion on...

This is how Bored Apes Yacht Club [BAYC] is back from the burrows

The Bored Ape Yacht Club (BAYC) collection is back...