{"id":161,"date":"2021-12-14T11:06:42","date_gmt":"2021-12-14T11:06:42","guid":{"rendered":"https:\/\/zappster.in\/blogs\/?p=161"},"modified":"2021-12-14T11:06:44","modified_gmt":"2021-12-14T11:06:44","slug":"log4j-vulnerability-a-security-flaw-that-put-entire-internet-at-risk","status":"publish","type":"post","link":"https:\/\/zappster.in\/blogs\/log4j-vulnerability-a-security-flaw-that-put-entire-internet-at-risk\/","title":{"rendered":"Log4J Vulnerability &#8211; A security flaw that put the entire Internet at risk"},"content":{"rendered":"<p style=\"text-align:justify;\">A decade has started in which we keep facing challenges that impact all humankind, whether from natural disasters, diseases or man-made issues.<\/p>\n<p style=\"text-align:justify;\">While Covid has been disrupting the whole world for the past 2 years, people are now about to face one more challenge, one that is disrupting the entire IT industry, the one sector that stayed fairly stable even during the worldwide lockdown.<br \/>\nRecently the world\u2019s tech giants have been focusing on the top cybersecurity threat, which arises from the open-source software Log4j. The major companies involved in fixing this threat are Amazon, IBM, Microsoft, Apple, Oracle and Cisco.<\/p>\n<p style=\"text-align:justify;\">Companies keep sharing their patches with customers so they can upgrade their software and minimize attacks from the Log4j threat. A Dutch researcher, Cas van Cooten, said he discovered the bug on Apple Inc.\u2019s servers, potentially giving him a way of running code within Apple\u2019s network. Mr. van Cooten said he immediately reported the issue to Apple. \u201cIt would have been trivial for a malicious hacker to weaponize this,&#8221; he said. An Apple spokesman didn\u2019t respond to messages seeking comment.<\/p>\n<p style=\"text-align:justify;\">\u201cOur teams are looking into it, but we have no details to share at this time,&#8221; a Twitter spokeswoman said via email Friday. 
A LinkedIn spokeswoman said via text message that \u201cwhile we\u2019re responding to this, just as security teams at many companies are, we\u2019re not experiencing any active issue.&#8221;<\/p>\n<h5>History of Internet breakdown<\/h5>\n<p style=\"text-align:justify;\">It isn\u2019t the first time the open-source software has sparked security worries. In 2014, internet users world-wide were urged to reset their passwords after another issue\u2014known as Heartbleed\u2014was discovered in OpenSSL, an obscure yet similarly ubiquitous piece of internet software built by volunteers.<\/p>\n<p style=\"text-align:justify;\">Log4j is used on servers to keep records of users\u2019 activities so they can be reviewed later on by security or software development teams.<\/p>\n<p style=\"text-align:justify;\">According to Mr. Goers, because Log4j is distributed free, it is unclear how many servers are affected by the bug, but the logging software has been downloaded millions of times.<\/p>\n<h5>Problem &amp; thoughts around the world<\/h5>\n<p style=\"text-align:justify;\">Because all sorts of data is logged by servers\u2014everything from email addresses to web navigation requests\u2014these attempts could give attackers a foothold on a vulnerable server deep in corporate networks, said Ryan McGeehan, an independent security consultant who was formerly a director of security at Facebook. \u201cA successful attack is like creating a wormhole,&#8221; he said. \u201cThe attacker can\u2019t be sure where they\u2019ll end up.&#8221;<\/p>\n<p style=\"text-align:justify;\">Word of the vulnerability first came to light on sites catering to users of Minecraft, the best-selling game of all time. The sites warned that hackers could execute malicious code on servers or clients running the Java version of Minecraft by manipulating log messages, including from things typed in chat messages. 
The picture became more dire still as Log4j was identified as the source of the vulnerability, and exploit code was discovered posted online. \u201cThe Minecraft side seems like a perfect storm, but I suspect we are going to see affected applications and devices continue to be identified for a long time,\u201d HD Moore, founder and CTO of network discovery platform Rumble, said. \u201cThis is a big deal for environments tied to older Java runtimes: Web front ends for various network appliances, older application environments using legacy APIs, and Minecraft servers, due to their dependency on older versions for mod compatibility.\u201d<\/p>\n<h5>Why is the Log4j error important to address?<\/h5>\n<p style=\"text-align:justify;\">Log4j is a library that is used by many Java applications. It\u2019s one of the most pervasive Java libraries to date. Most Java applications log data, and there\u2019s nothing that makes this easier than Log4j.<br \/>\nThe challenge here is finding Log4j because of the way Java packaging works. It\u2019s possible you have Log4j hiding somewhere in your application and don\u2019t even know it.<\/p>\n<p style=\"text-align:justify;\">The problem revolves around a bug in the Log4j library that can allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages. 
This security vulnerability has a broad impact and is something anyone with an application containing Log4j needs to immediately pay attention to.<\/p>\n<p style=\"text-align:justify;\">The only thing we can do right now is to spread as much awareness as possible, apply the latest patches from the parent company for bugs and fixes in your system related to Log4j and Log4Shell, and keep monitoring your system for even the most minor unwanted issue that arises.<\/p>\n<p><cite>If you have more information about this threat, kindly <a href=\"https:\/\/www.zappster.in\">contact and share<\/a> it with me so it can be spread widely in the community.<\/cite><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A decade has started in which we keep facing challenges that impact all humankind, whether from natural disasters, diseases or man-made issues. As covid is breaking complete&#8230;<\/p>\n","protected":false},"author":1,"featured_media":164,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44,6],"tags":[45,51,52,28],"class_list":["post-161","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-technology","tag-computer-security","tag-cybersecurity","tag-log4j","tag-product-development"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/zappster.in\/blogs\/wp-json\/wp\/v2\/posts\/161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zappster.in\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zappster.in\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zappster.in\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zappster.in\/blogs\/wp-json\/wp\/v2\/comments?post=161"}],"version-history":[{"count":0,"href":"https:\/\/zappster.in\/blogs\/wp-json\/wp\/v2\/posts\/161\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zappste
r.in\/blogs\/wp-json\/wp\/v2\/media\/164"}],"wp:attachment":[{"href":"https:\/\/zappster.in\/blogs\/wp-json\/wp\/v2\/media?parent=161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zappster.in\/blogs\/wp-json\/wp\/v2\/categories?post=161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zappster.in\/blogs\/wp-json\/wp\/v2\/tags?post=161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}