Apache Log4J – Is It The Biggest Computer Vulnerability in Decades?
IT December 14th 2021
The internet has been put on high alert after Apache Software Solution reported a critical security flaw in Log4j, Log4jShell. Apache Log4j is an open-source software application used worldwide by many organizations.
Experts are calling the Log4j vulnerability one of the most serious software flaws in the last 10 years. The chief technology officer for cybersecurity firm Mandiant Inc., Charles Carmakal, said, “This is probably the worst security vulnerability in at least the last 10 years — maybe longer”.
This is because the flaw in Log4j could allow unrestrained access to computer systems. Further, the faulty code is not confined to a single piece of software; it sits inside a piece of software that a number of software companies use in their own products. As such, updating it can be a painstaking process.
“To be clear, this vulnerability poses a severe risk,” said Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency. “Hence vendors must immediately identify, mitigate, and patch the wide array of products using this software,” she added.
Why Is Log4j Difficult to Deal With?
It is critical to fix susceptible systems for affected customers because the Log4j 2 bug is considered extremely easy for hackers to exploit. Above all, experts have apparently found evidence that intruders are already using the flaw to launch attacks, including a number involving crypto-mining malware. Intruders are making more than 100 attempts per minute to exploit this serious security weakness in the widely used Java logging system.
Because of its severity, the U.S. Government’s cybersecurity agency has warned global companies to fix the flaw. Every security team must look for ways to minimize its exposure to the vulnerability. If they fail to do so, millions of organizations will be in danger of cyber theft.