Log4j turns out to be far more dangerous; CISA orders fixing

Dorian Stewart December 15, 2021 3 min read

In the last few years, two widely used open-source software packages have been found to be vulnerable and in need of fixing. The first is Log4j; in 2018 it was discovered that it had security flaws which could allow attackers to gain root access on systems running it. The second package is CISA, a library for building secure applications that can easily handle large amounts of data with encryption. In January 2019, an oversight by developers led them not to notice some issues stemming from a recent refactor

CISA (the Cybersecurity and Infrastructure Security Agency) has ordered federal civilian agencies to patch systems vulnerable to the Log4Shell vulnerability by Christmas night, in what is turning out to be one of the biggest security holes ever uncovered. The vulnerability, along with 12 other security issues, has been added to the agency’s list of actively exploited vulnerabilities.

Alibaba’s Cloud Security team originally disclosed the issue on November 24. On December 9, the initial proof-of-concept was released on GitHub, and the vulnerability has been extensively abused since then.

According to a clear schedule specified in the catalogue, federal entities have ten days to assess whether internal applications and servers utilize the compromised Log4j library, confirm if they’re susceptible, and implement updates by December 24.

To resolve a significant vulnerability impacting the Apache log4j #software library, we’re working closely with our public and private sector partners. Threat actors are extensively exploiting this vulnerability, making it a critical task to patch: 1/2 https://t.co/utbcDZBtPv

— December 13, 2021, Cybersecurity and Infrastructure Security Agency (@CISAgov)

CISA has also set up a website to educate the public and business sectors in the United States about the risk. Royce Williams, a security researcher, has already compiled a list of over 300 companies to determine who is and isn’t affected by the flaw. Another comparable list is maintained by the Dutch National Cyber Security Center.

Patches for the Log4j library have been made available, and the Apache Foundation has published an official upgrade to address the vulnerability. However, because the library is so widely deployed, testing for vulnerabilities and distributing updates will be difficult.
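An added example (not from the article, CISA or Apache) of the inventory step described above: it reports every copy of log4j-core bundled in Java archives, including copies nested inside fat JARs and WARs, which is where the library is easiest to miss. The function names, the sample archive layout and the 0.0.0-SAMPLE version are constructed for illustration; the two archive paths it looks for are the standard locations of log4j-core's JndiLookup class and Maven metadata.

```python
import io
import zipfile
from pathlib import Path

# Standard locations inside a log4j-core JAR: the JNDI lookup class and Maven metadata.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def scan_archive(data, label, depth=0, max_depth=4):
    """Return [(location, version or 'unknown', has_jndi_class)] for log4j-core copies."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # unreadable archive: skip it rather than abort the sweep
    findings = []
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            versions = [ln.split("=", 1)[1].strip() for ln in props.splitlines() if ln.startswith("version=")]
            findings.append((label, versions[0] if versions else "unknown", JNDI_CLASS in names))
        if depth < max_depth:  # bound recursion into nested archives
            for name in sorted(names):
                if name.lower().endswith(ARCHIVE_EXT):
                    findings += scan_archive(zf.read(name), f"{label}!{name}", depth + 1, max_depth)
    return findings

def scan_tree(root):  # e.g. an application server's deployment directory
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            findings += scan_archive(path.read_bytes(), str(path))
    return findings

def build_sample_app():
    """Constructed sample: a fat JAR bundling a stand-in log4j-core (placeholder version)."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM_PROPS, "artifactId=log4j-core\nversion=0.0.0-SAMPLE\n")
        z.writestr(JNDI_CLASS, b"")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("BOOT-INF/lib/log4j-core-sample.jar", inner.getvalue())
        z.writestr("BOOT-INF/lib/broken.jar", b"not a zip")
    return outer.getvalue()

if __name__ == "__main__":
    for loc, ver, jndi in scan_archive(build_sample_app(), "app.jar"):
        print(f"{loc}\tlog4j-core {ver}\tJndiLookup present: {jndi}")
```

Each hit is a copy of the library to assess against the vendor's fixed release; the `!` separators show which outer archive bundles it.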

Although the issue was found only a few days ago, it has already been dubbed one of the biggest security vulnerabilities ever, owing to its broad usage among corporate software developers and its ease of exploitation. It can also be used to take over whole systems.

Attackers from China are aggressively seeking to exploit the weakness, according to both Microsoft and Mandiant. North Korean, Iranian, and Turkish threat actors are also exploiting it, according to Microsoft.

Phosphorus, an Iranian threat group, and Hafnium, a Chinese threat group, have both been actively experimenting with the vulnerability.

The number of attacks has also increased dramatically. Check Point stated that, since exploitation of the vulnerability started, the number of attacks had risen to over 40,000 by Saturday, 200,000 by Sunday, and 800,000 by Monday, affecting roughly half of all business networks.

Three initial measures are recommended by CISA:

1. Count the number of internet-facing Log4j endpoints.

2. Confirm that your #SOC is responding to all alerts on devices that fall within the categories listed above.

3. Install a web application firewall that is updated automatically. 2/2

— December 13, 2021, Cybersecurity and Infrastructure Security Agency (@CISAgov)

Malware and botnet operators have already taken advantage of the flaw, and ransomware gangs are anticipated to follow suit shortly.

Attacks are becoming more complex, according to LunaSec, as they bypass WAFs and get past the initial line of defense. Furthermore, the cybersecurity company warns that the issue might become worse if another vulnerability emerges, robbing users of whatever mitigations they’ve put in place.
