Connect with us

News

Log4j Vulnerably To Wreak Havoc On The Internet For Years To Come

Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them.

Published

on

log4j vulnerability to wreak havoc on the internet for years to come

As if one pandemic wasn’t enough, there’s now also a cyber-pandemic whose scale is increasing at an exponential rate. The cause of this digital pandemic is a zero-day vulnerability in Java-based logging utility called Log4j. This open-source software allows software developers to log data within their applications, and it has been widely used since its release in 2001.

The vulnerability was disclosed on December 9 by the Alibaba Cloud Security Team, which named it Log4Shell (CVE-2021-44228). Two days later, cybersecurity company Tenable described it as “the single biggest, most critical vulnerability of the last decade”.

Since then, the vulnerability has affected many major tech players, including Amazon Web Services, Adobe, Broadcom, Cisco, Docker, F-Secure, IBM, Juniper Networks, Oracle, Red Hat, Siemens, SolarWinds, Sophos, Ubiquiti, Zoho, and others.

“It’s ubiquitous” said Chris Eng, chief research officer at cybersecurity firm Veracode, in an interview for CNN Business. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open-source libraries you use depends on Log4j”.

In addition to affecting large swaths of the global IT infrastructure, the Log4Shell vulnerability is also extremely severe because it involves arbitrary code execution. In other words, it makes it possible for attackers to make the vulnerable system do anything they want.

That’s why the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), and Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI) have all called on organizations to take on immediate action and install the available fixes, which were released three days before the vulnerability was published.

Also Read: How To Enable WhatsApp Disappearing Messages For All Chats

Still, attackers have already successfully exploited the vulnerability to steal sensitive data, extract system credentials, install backdoors, and run crypto miners. Some of the largest botnets in the world are now scanning for the vulnerability, and almost half of all corporate networks have already been probed.

Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them. Until that happens, cybercriminals will be on a hunt as well, ready to exploit them.

Advertisement

📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!

JOIN 16K+ SUBSCRIBERS

News

UAE Comes Out Strongly In Guinness World Records 2023

Guinness, the renowned cataloger of record-breaking events, has released its latest annual, after sifting through 40,000 applications — and the Arab world is heavily featured.

Published

on

uae comes out strongly in guinness world records 2023
Guinness

Guinness World Records, the authority on record-breaking global achievements, has just announced its latest release, “Guinness World Records 2023 (GWR2023),” which will be available online and in physical stores across the Arab region from today.

As usual, GWR 2023 features all of the latest achievements from around the world (and space!), with special features and updated graphics to bring the stories to life.

So why the interest in the latest Guinness installment? Well, it turns out the Arab Region is strongly represented in the book, with more than 50 records featured in the new edition, which is no mean feat considering the volume of competition.

“We’ve sifted through nearly 40,000 record applications over the past year to bring you Guinness World Records 2023. People from all walks of life continue to be fascinated by extremes, and we’ve received claims from across the planet – indeed, even from space! This is why I’ve said the new edition is out of this world,” says Craig Glenday, Guinness Editor in Chief.

Of interest to readers of this platform, Saudi Arabia and the United Arab Emirates both get to flex their record-breaking muscles.

deepest swimming pool in the world

World’s Deepest Swimming Pool

Saudi Arabia claims the title of “Largest LED Structure and Suspended Ornament” courtesy of the Noor Riyadh Festival, as well as other weird and wonderful titles, including the “Largest Lego Formula 1 Car”, as well as perhaps more prestigious honors, such as “Largest Mirrored Building”, “Largest Clock Face”, “Tallest Lighthouse” and the “Largest Geodesic Dome”.

largest mirrored building

World’s Largest Mirrored Building

Also Read: Fan Spends 7 Years To Create Super Mario Bros 5

Not to be outdone, the UAE has claimed several humanitarian record-breaking titles, including the “Longest Video Livestream” (by The Mohammed Bin Rashid Al Maktoum Global Initiatives and pan Arab influencer Hassan Suleiman), the “Largest Donation for Medical Treatment”, and the “Most Awareness Ribbons Made in One Hour”.

longest video livestream

World’s Longest Video Livestream

On the tech front, the UAE also claims several prestigious firsts, including “First 3D-Printed Laboratory”, while the world-renowned Burj Khalifa hangs on to its title of “World’s Tallest Building”.

Continue Reading

#Trending