A critical security vulnerability was found in the popular open-source log management and analysis tool, Log4j. The vulnerability could allow an attacker to execute unauthorized commands on a computer running Log4j.
Log4j is an open-source log management and analysis tool created by the Apache Software Foundation. It is primarily used in Java applications to collect, manage, and record user activities. Since its release, Log4j has been downloaded millions of times and is one of the most widely known tools used in many popular applications and software systems.
The critical Log4j vulnerability was discovered last week and could have devastating effects on the entire internet.
It's important to understand how this vulnerability works. By sending a specially crafted request to the server, an attacker would be able to execute unauthorized remote commands on a computer running Log4j without the knowledge or approval of the user or organization. These requests can lie dormant for years without anyone's knowledge and then execute dangerous ransomware or malware. According to David Kennedy, CEO of cybersecurity firm TrustedSec, "This will take years to address, while attackers will be attempting to exploit it on a daily basis."
The list of potential victims of this exploit covers nearly a third of web servers in the world. Microsoft, Google, Amazon, Apple, IBM, Cisco, Twitter, Oracle, as well as gaming giant Minecraft, are just a few of the titans that utilize this software. This flaw is being considered the biggest cybersecurity risk in decades. Because Log4j is used worldwide, critical resources like power, energy, food, water, communications, and e-commerce are left vulnerable to exploitation.
Most of us are likely utilizing Log4j in some way, shape, or form. You should do your due diligence and take steps to protect your organization from this exploit.
Additionally, all organizations should have a robust security plan in place that includes understanding potential vulnerabilities like this one and implementing appropriate safeguards against them.