Connect with us


Log4j Vulnerably To Wreak Havoc On The Internet For Years To Come

Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them.



log4j vulnerability to wreak havoc on the internet for years to come

As if one pandemic wasn’t enough, there’s now also a cyber-pandemic whose scale is increasing at an exponential rate. The cause of this digital pandemic is a zero-day vulnerability in Java-based logging utility called Log4j. This open-source software allows software developers to log data within their applications, and it has been widely used since its release in 2001.

The vulnerability was disclosed on December 9 by the Alibaba Cloud Security Team, which named it Log4Shell (CVE-2021-44228). Two days later, cybersecurity company Tenable described it as “the single biggest, most critical vulnerability of the last decade”.

Since then, the vulnerability has affected many major tech players, including Amazon Web Services, Adobe, Broadcom, Cisco, Docker, F-Secure, IBM, Juniper Networks, Oracle, Red Hat, Siemens, SolarWinds, Sophos, Ubiquiti, Zoho, and others.

“It’s ubiquitous” said Chris Eng, chief research officer at cybersecurity firm Veracode, in an interview for CNN Business. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open-source libraries you use depends on Log4j”.

In addition to affecting large swaths of the global IT infrastructure, the Log4Shell vulnerability is also extremely severe because it involves arbitrary code execution. In other words, it makes it possible for attackers to make the vulnerable system do anything they want.

That’s why the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), and Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI) have all called on organizations to take on immediate action and install the available fixes, which were released three days before the vulnerability was published.

Also Read: How To Enable WhatsApp Disappearing Messages For All Chats

Still, attackers have already successfully exploited the vulnerability to steal sensitive data, extract system credentials, install backdoors, and run crypto miners. Some of the largest botnets in the world are now scanning for the vulnerability, and almost half of all corporate networks have already been probed.

Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them. Until that happens, cybercriminals will be on a hunt as well, ready to exploit them.


Get Exclusive Monthly Updates, Tech Tips & Free Crypto Signals Right In Your Inbox 😎


Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Samsung’s New Exynos 2200 Smartphone Chip Comes With AMD Xclipse GPU

The new GPU will enable next-level mobile gaming experiences, support 200 MP camera sensors, and ensure smooth performance under all circumstances.




samsung's new exynos 2200 smartphone chip comes with amd xclipse gpu

Samsung’s Exynos smartphone series of ARM-based system-on-chips (SoCs) traditionally comes with Mali GPUs, but the company’s new premium SoC is breaking this tradition by featuring an Xclipse GPU with AMD’s RDNA 2 graphics architecture.

The new GPU, together with 8 Armv9 CPU cores (1 powerful Cortex-X2 core, 3 balanced Cortex-A710 cores, and 4 efficient Cortex-A510 cores) and an upgraded neural processing unit (NPU), are supposed to enable next-level mobile gaming experiences, support camera sensors with a resolution of up to 200 MP, and generally ensure smooth performance under all circumstances.

“Built on the most advanced 4-nanometer (nm) EUV (extreme ultraviolet lithography) process, and combined with cutting-edge mobile, GPU and NPU technology, Samsung has crafted the Exynos 2200 to provide the finest experience for smartphone users” said Yongin Park, President of System LSI Business at Samsung Electronics.

Samsung named its new GPU “Xclipse” to reflect the fact that it’s positioned between console and traditional mobile graphic processors. The South Korean conglomerate believes that the GPU will bring an end to the old era of mobile gaming and usher in a new era characterized by features that have until now been associated primarily with PC gaming, such as hardware-accelerated ray tracing and variable rate shading.

Also Read: BlackBerry Has Officially Pulled The Plug On Older Devices

According to David Wang, Senior Vice President of Radeon Technologies Group at AMD, the Xclipse GPU is the first result of multiple planned generations of AMD RDNA graphics in Exynos SoCs, so fans of Samsung smartphones have a lot to look forward to in the future.

In addition to the already mentioned performance-oriented improvements, the Exynos 2200 integrates a better 5G modem capable of achieving speeds of up to 10 Gbps by utilizing both 4G LTE and 5G NR signals at the same time. The SoC’s Integrated Secure Element (iSE) can safely store cryptographic information for enhanced data security and privacy.

The Exynos 2200 is currently being mass-produced, and it’s expected that it will be one of the main selling points of the upcoming Galaxy S22 smartphone.

Continue Reading