{"id":153834,"date":"2021-12-16T20:55:18","date_gmt":"2021-12-16T15:25:18","guid":{"rendered":"https:\/\/blog.forumias.com\/?p=153834"},"modified":"2021-12-16T20:55:18","modified_gmt":"2021-12-16T15:25:18","slug":"why-does-the-log4shell-vulnerability-have-tech-firms-worried","status":"publish","type":"post","link":"https:\/\/forumias.com\/blog\/why-does-the-log4shell-vulnerability-have-tech-firms-worried\/","title":{"rendered":"Why does the Log4Shell vulnerability have tech firms worried?"},"content":{"rendered":"\n<p><strong>News: <\/strong>A new vulnerability named Log4Shell is being touted as one of the worst cybersecurity flaws to have been discovered.<\/p>\n<h5><strong>What is the Log4Shell vulnerability?<\/strong><\/h5>\n<p>The Log4Shell vulnerability is a flaw in one of the most widely used <strong>server software<\/strong>. It is a remote code execution (RCE) vulnerability, which means <strong>attackers can use it to remotely execute arbitrary code<\/strong> on a server and steal data.<\/p>\n<p>It is a <strong>vulnerability in a logging library<\/strong> that is used by almost every big company in the world, including Apple Inc., Microsoft Corp., Amazon.com Inc., Google LLC, and more.<\/p>\n<p>Logging libraries allow developers to monitor their applications and catch bugs. The vulnerability has been given a 10\/10, the highest severity rating for such vulnerabilities. However, Log4Shell doesn\u2019t affect users directly.<\/p>\n<h5><strong>Why it is a serious issue?<\/strong><\/h5>\n<p><em><strong>Firstly,<\/strong><\/em> its exploitation could allow hackers to control Java-based web servers and launch what are called \u2018remote code execution\u2019 (RCE) attacks.<\/p>\n<p><em><strong>Secondly,<\/strong><\/em> since this library is present everywhere across applications, the vulnerability could allow the attacker full control of the affected server.<\/p>\n<p><em><strong>Thirdly,<\/strong> <\/em>successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).<\/p>\n<h5><strong>Is the vulnerability being exploited by hackers?<\/strong><\/h5>\n<p>Security\u200afirm Checkpoint\u200aResearch said it had documented 846,000 attacks on corporations in the first 72 hours of the \u201coutbreak\u201d.<\/p>\n<p>And <strong>41% of corporate networks in India<\/strong> had faced an attempted exploit.<\/p>\n<p>Companies like Google, Microsoft, and Cisco Systems Inc. say their programs and applications have been affected.<\/p>\n<p>In the future, serious threat actors will try to exploit this vulnerability to attack a whole range of high value targets such as banks, state security and critical infrastructure.<\/p>\n<h5><strong>How does one protect against Log4Shell?<\/strong><\/h5>\n<p><strong>For Minecraft players<\/strong>: They have to ensure that they are on the newest client of the game that consists of a fix for the issue.<\/p>\n<p><strong>For corporations<\/strong>: A patch was issued for the vulnerability on 13<sup>th<\/sup> December, and technology teams will have to ensure that this is incorporated in their systems.<\/p>\n<p><strong>Source:<\/strong> This post is based on the article \u201c<strong>Why does the Log4j vulnerability have tech firms worried?\u201d<\/strong> \u00a0&amp; \u201c<strong>Why Log4Shell is the worst security issue in\u200aa decade<\/strong>\u201d published in the <strong>Indian Express <\/strong>and<strong> Livemint<\/strong> on <strong>16<sup>th<\/sup> Dec<\/strong> <strong>2021<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>News: A new vulnerability named Log4Shell is being touted as one of the worst cybersecurity flaws to have been discovered. What is the Log4Shell vulnerability? The Log4Shell vulnerability is a flaw in one of the most widely used server software. It is a remote code execution (RCE) vulnerability, which means attackers can use it to&hellip; <a class=\"more-link\" href=\"https:\/\/forumias.com\/blog\/why-does-the-log4shell-vulnerability-have-tech-firms-worried\/\">Continue reading <span class=\"screen-reader-text\">Why does the Log4Shell vulnerability have tech firms worried?<\/span><\/a><\/p>\n","protected":false},"author":10316,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[1230,9],"tags":[216,10500,10587],"class_list":["post-153834","post","type-post","status-publish","format-standard","hentry","category-9-pm-daily-articles","category-public","tag-gs-paper-3","tag-indian-express","tag-log4shell","entry"],"jetpack_featured_media_url":"","views":{"total":0,"cached_at":"","cached_date":1704782787},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/153834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/users\/10316"}],"replies":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/comments?post=153834"}],"version-history":[{"count":0,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/153834\/revisions"}],"wp:attachment":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/media?parent=153834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/categories?post=153834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/tags?post=153834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}