John Anthony Smith: A Software Vulnerability Causing Havoc The World Over

  • Thursday, December 23, 2021
  • John Anthony Smith

A piece of software, Log4j, that most technical and non-technical people had never heard of came into the spotlight last week.  The vulnerability, variously called “Log4j,” “Log4Shell,” and “Logjam,” has been discovered and subsequently patched; it allows remote code execution.  In non-technical terms, the Log4j vulnerability allows an attacker to execute unauthorized code on a computer with the flaw.

Log4j is an open-source software library provided by the Apache Software Foundation.  Because the code is open source, the programmers responsible for the code are not being paid for creating the fix.  To make matters worse, the code is prolific; it is embedded into hundreds of thousands of applications—including many that are exposed directly to the Internet.

This vulnerability is being leveraged in the wild against hundreds of thousands of companies.  Basically, an attacker could leverage the flaw to install a remote access trojan to provide attackers with remote access to a vulnerable environment, even after the patches have been installed.  The attacker could also leverage the flaw to execute ransomware, and ultimately encrypt everything that the Log4j-vulnerable system has access to.

Threat actors are actively using this vulnerability.  You should be patching your systems.  Due to complexity, a limited number of programmers, and the open-source nature of the code, there have been and will be many patches for Log4j.  This vulnerability will be a problem for months and years to come.

There are some easy ways to mitigate and reduce your risks, such as implementing CrowdStrike with ThreatGraph, InsightEDR, Protect, OverWatch, and Spotlight.  But you must patch your systems.

Here are some resources:

* * *

 

John Anthony Smith can be reached at:

423-305-7890

John.Smith@conversantgroup.com

1513 Cowart Street

Chattanooga, TN 37408

