Showing posts with label security updates. Show all posts
Showing posts with label security updates. Show all posts

Monday, December 13, 2021

Security Update: Critical vulnerability in Apache Log4j library

 


A newly found zero-day vulnerability in Apache Log4j, a widely used Java logging library, is simple to exploit and allows attackers to take complete control of vulnerable systems.

The vulnerability, identified as CVE-2021-44228, is rated as severe and allows for unauthenticated remote code execution if the user running the application uses the Java logging library. 

A zero-day vulnerability in Log4j has been found, and it affects iCloud, Minecraft, Steam, and other services.

The Log4j vulnerability, which affects the Java logging framework, has been identified to be susceptible in cloud services like Steam and Apple iCloud, as well as apps like Minecraft.

HIGHLIGHTS

  • Digital systems all across the Internet have been affected by a vulnerability in Log4j, a widely used logging framework.
  • The logging library vulnerability is simple to exploit, as it allows attackers to take entire control of affected servers.
  • Minecraft isn't the only platform affected; the vulnerability in Log4j appears to have infected the whole Java environment. 

Examining log files for any services implementing vulnerable Log4j versions might help organisations figure out whether they're affected.

Users should set log4j2.formatMsgNoLookups=True to minimise vulnerabilities by adding "Dlog4j2.formatMsgNoLookups=True" to the JVM command for launching the application.

It is critically advised that Log4j versions be upgraded to log4j-2.15.0-rc1 to prevent the library from being attacked.

"We recommend all businesses to adopt an assumed breach approach and analyse logs for vulnerable apps for odd behaviour if you feel you may be impacted by CVE-2021-44228," says the advisory.

"If abnormalities are discovered, we advise you to presume this is an active event and that you have been hacked, and to respond appropriately." 

For all the latest Security Updates, Reach us. 

Thanks and regards, 

Priyadharshini | Cyber Security Services | Cloud Security Services

SOC Outsourcing: Solutions for SaaS Third-Party Risk Management

As businesses increasingly adopt Software-as-a-Service (SaaS) solutions, managing third-party risks becomes a critical aspect of maintaining...