Everything you need to know about Log4Shell and how keeping apps up to date can save your data


If you still haven’t heard of the discovered Apache Log4j vulnerability, you are at big risk now – MUST-READ!

Last Tuesday, on December 9, 2021, a high-level vulnerability that affects the core function of Log4j – CVE-2021-44228, aka Log4Shell or LogJam, was discovered by the Alibaba Cloud Security Team. Since then, the number of attacks exploiting the flaw has exceeded one million.

What is Log4j and why its vulnerability can affect the security of your data?

Log4j is an open-source Apache logging library that is commonly used in many applications to keep track of user activity within an application. A lot of Java-based applications and cloud services use Log4j logging library, like Apple iCloud, Amazon, Cisco, Cloudflare, Red Hat, Steam, Twitter. And now all these services are vulnerable.

The discovered vulnerability – Log4Shell – gives attackers the ability to run remote code execution (RCE) on vulnerable applications, which basically means that they can perform ANY action with your data with no authentication: the data can be stolen, deleted, encrypted, or hold for ransom! According to the CVSS scale, Log4Shell is rated with a score of 10 out of 10.

It’s been already thousands of confirmed attacks on companies’ data using CVE-2021-44228, which is not a surprise. What makes Log4shell especially dangerous is that Log4j library is used by millions of application vendors and the ease of attack executions with this vulnerability. So, experts expect even more attacks in the coming weeks.

Patching is the only option!

But the main question is – what can companies do to prevent the vulnerability of their data?

Patching and keeping your applications up to date!

Patching a single application isn’t that difficult, but each application must be tested to be sure that the updated app works properly. While patching applications is extremely time-consuming, it’s a top priority for all organizations to keep their data secure.

How Scappman can help to protect data in your company?

If you still haven’t heard of Scappman – now it’s the time! Scappman is a must to prevent damage from Log4j vulnerability because we update third-party and private apps for you, so you can be sure that the latest versions of apps are installed on every computer and your data is secure. No need to spend days patching a single application!

P.S. A non-exhaustive list of vulnerable software you can find here: https://github.com/NCSC-NL/log4shell/tree/main/software

Related posts