Connect with us

News

Log4j Vulnerably To Wreak Havoc On The Internet For Years To Come

Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them.

Published

3 years ago

on

log4j vulnerability to wreak havoc on the internet for years to come

As if one pandemic wasn’t enough, there’s now also a cyber-pandemic whose scale is increasing at an exponential rate. The cause of this digital pandemic is a zero-day vulnerability in Java-based logging utility called Log4j. This open-source software allows software developers to log data within their applications, and it has been widely used since its release in 2001.

The vulnerability was disclosed on December 9 by the Alibaba Cloud Security Team, which named it Log4Shell (CVE-2021-44228). Two days later, cybersecurity company Tenable described it as “the single biggest, most critical vulnerability of the last decade”.

Since then, the vulnerability has affected many major tech players, including Amazon Web Services, Adobe, Broadcom, Cisco, Docker, F-Secure, IBM, Juniper Networks, Oracle, Red Hat, Siemens, SolarWinds, Sophos, Ubiquiti, Zoho, and others.

“It’s ubiquitous” said Chris Eng, chief research officer at cybersecurity firm Veracode, in an interview for CNN Business. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open-source libraries you use depends on Log4j”.

In addition to affecting large swaths of the global IT infrastructure, the Log4Shell vulnerability is also extremely severe because it involves arbitrary code execution. In other words, it makes it possible for attackers to make the vulnerable system do anything they want.

That’s why the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), and Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI) have all called on organizations to take on immediate action and install the available fixes, which were released three days before the vulnerability was published.

Also Read: How To Enable WhatsApp Disappearing Messages For All Chats

Still, attackers have already successfully exploited the vulnerability to steal sensitive data, extract system credentials, install backdoors, and run crypto miners. Some of the largest botnets in the world are now scanning for the vulnerability, and almost half of all corporate networks have already been probed.

Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them. Until that happens, cybercriminals will be on a hunt as well, ready to exploit them.

Related Topics:
Advertisement

📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!

JOIN 17K+ SUBSCRIBERS

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

News

UAE Prepares To Launch Two Satellites: Thuraya-2 And MBZ-SAT

HH Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum chaired the first meeting of the Supreme Space Council yesterday.

Published

1 week ago

on

December 17, 2024

By

uae prepares to launch two satellites thuraya-2 and mbz-sat

HH Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai and Deputy Prime Minister of the UAE, chaired the first meeting of the Supreme Space Council in Dubai on December 16, 2024. The session highlighted the UAE’s ambitious space plans and took stock of the sector’s economic progress.

The council emphasized the growing role of private companies in advancing space technologies, noting that their contributions are now equal to that of the public sector. Members also praised initiatives like the Space Economic Zones Programme, which are designed to fuel innovation and investment in the space industry.

Discussing the UAE’s space journey, HH Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum remarked, “The national space sector continues to grow and advance, and we take immense pride in the remarkable achievements we have accomplished over the years”.

Sheikh Hamdan also received updates on two upcoming satellite projects: Thuraya-2 and MBZ-SAT. Thuraya-2, developed by Space42, is slated for launch this December. Meanwhile, the MBZ-SAT, created by the Mohammed Bin Rashid Space Centre (MBRSC), will soon follow. MBRSC, a major driver of the UAE National Space Programme, continues to lead the nation’s space-related developments.

Space42 took the opportunity to showcase its advancements, including ongoing collaborations between public and private entities. The company also outlined strategies to promote innovation, boost revenue streams, and create new opportunities for growth in the sector.

Also Read: IBM Opens New Doha Office To Support Qatar’s Digital Growth

The UAE’s current projects build on a growing legacy of space exploration. Back in 2020, the nation made headlines with its Mars mission, successfully sending a probe into the planet’s orbit in 2021. This mission, which is now in its second phase as of June 2024, has been collecting critical data to develop a comprehensive diurnal image of Mars.

The UAE also ventured into lunar exploration with an unmanned mission aimed at studying untouched regions of the Moon’s surface. While the probe ultimately crashed during its landing attempt after communication was lost seconds before touchdown, the effort represented a significant step in the country’s exploration ambitions.

Continue Reading

#Trending