Connect with us


Log4j Vulnerably To Wreak Havoc On The Internet For Years To Come

Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them.



log4j vulnerability to wreak havoc on the internet for years to come

As if one pandemic wasn’t enough, there’s now also a cyber-pandemic whose scale is increasing at an exponential rate. The cause of this digital pandemic is a zero-day vulnerability in Java-based logging utility called Log4j. This open-source software allows software developers to log data within their applications, and it has been widely used since its release in 2001.

The vulnerability was disclosed on December 9 by the Alibaba Cloud Security Team, which named it Log4Shell (CVE-2021-44228). Two days later, cybersecurity company Tenable described it as “the single biggest, most critical vulnerability of the last decade”.

Since then, the vulnerability has affected many major tech players, including Amazon Web Services, Adobe, Broadcom, Cisco, Docker, F-Secure, IBM, Juniper Networks, Oracle, Red Hat, Siemens, SolarWinds, Sophos, Ubiquiti, Zoho, and others.

“It’s ubiquitous” said Chris Eng, chief research officer at cybersecurity firm Veracode, in an interview for CNN Business. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open-source libraries you use depends on Log4j”.

In addition to affecting large swaths of the global IT infrastructure, the Log4Shell vulnerability is also extremely severe because it involves arbitrary code execution. In other words, it makes it possible for attackers to make the vulnerable system do anything they want.

That’s why the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), and Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI) have all called on organizations to take on immediate action and install the available fixes, which were released three days before the vulnerability was published.

Also Read: How To Enable WhatsApp Disappearing Messages For All Chats

Still, attackers have already successfully exploited the vulnerability to steal sensitive data, extract system credentials, install backdoors, and run crypto miners. Some of the largest botnets in the world are now scanning for the vulnerability, and almost half of all corporate networks have already been probed.

Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them. Until that happens, cybercriminals will be on a hunt as well, ready to exploit them.


📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!


Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Initial Trials Of Dubai’s Driverless Evocargo Trucks Completed

Testing was announced on July 17, and the completion is a major milestone towards upgrading the region’s logistics infrastructure.



initial trials of dubai's driverless evocargo trucks completed
Dubai Media Office

A Dubai-based company has completed the initial trials for the UAE’s first driverless trucks. The groundbreaking achievement by Evocargo, partnering with Dubai South, took place at Dubai South Logistics District, and marked a significant step towards incorporating autonomous technologies into the region’s wider logistics infrastructure.

Announced on Wednesday, July 17th, the trials featured the Evocargo N1 unmanned electric truck navigating a predetermined route within a controlled setting. The test involved interactions with common road obstacles such as cars, trucks, and pedestrians, aiming to evaluate the vehicle’s hardware and software reliability, accident prevention systems, and overall readiness for public road use.

Officials were keen to highlight that this accomplishment aligns with the UAE’s ambitious strategy to position itself as a global leader in innovation and technology adoption. The country aims to have 25% of all transportation in Dubai autonomous by 2030, underscoring its commitment to revolutionizing the logistics sector using advanced technologies.

Mohsen Ahmad, CEO of the Logistics District at Dubai South, emphasized the importance of the collaboration with Evocargo in enhancing the region’s logistics capabilities. He noted that autonomous vehicles are set to increase efficiency, reduce carbon emissions, and establish a sustainable logistics infrastructure that will benefit both Dubai and the wider UAE.

Also Read: Riyadh Developers Reveal New 45,000-Seat Murabba Stadium

Ahmed Al-Ansi, CEO of Evocargo Autonomous Logistic Services, also expressed optimism that the trials will draw new customers and investments across the Gulf Cooperation Council (GCC) countries. The partnership aims to lead in innovative tech solutions, further establishing the UAE as a pioneer in autonomous transportation.

The successful completion of the trials marks a crucial step towards realizing the UAE’s vision for a technologically advanced and sustainable future in which autonomous vehicles are expected to play a pivotal role in global logistics.

Continue Reading