Log4Shell, a flaw on the Internet – Sciences et Avenir

Every program and application used in a computer network generates an activity log. Connections, downloads, error messages: any event related to the program is logged (it is with these “logs” that cybersecurity specialists can detect suspicious activity). Many web applications use the same open source logging software, Log4j. Since the beginning of December 2021, however, there has been panic: an expert from the Chinese web giant Alibaba discovered a security flaw in Log4j. It was reported to the Apache web servers open source platform on November 24 before being made public on December 9.

A defect called “zero day”

“Log4j is a module that is used in all Apache web servers, the list of sites in question is very long”, explains Pascal Le Digol, director for France of the American computer security company WatchGuard. The vulnerability, called Log4Shell, is not the result of an attack; it is simply an error, a defect, undoubtedly present since 2017. It is a so-called “zero day” defect, that is, one that had never been detected by those who might suffer from it. On the other hand, it is quite possible that cybercriminals knew about it.

This flaw allows them to inject malicious code into the logs and execute it remotely in order to wipe data, take control of the target application, use the victim’s computing power to mine digital currency, lock the system to demand a ransom, etc. Technically, the flaw is not difficult to fix. The problem is that it is also very easy to exploit. And nothing says that criminals did not take advantage of it before its discovery and plant devastating snippets of code that will take effect later, even though Log4j has since been “patched”.

The province of Quebec has preventively closed 3,992 web services!

“In terms of cybersecurity,” Pascal Le Digol warns, “if a well-intentioned researcher has found a problem, there is no reason why another, malicious one has not found it as well.” And unlike the first, who alerts you, the second is generally discreet. So it is a sword of Damocles hanging over many websites. To the point that the province of Quebec, in Canada, has preferred to preventively close all its web services, that is, 3,992 sites.

Web services company Cloudflare believes there were ransomware attacks exploiting the vulnerability around December 1-2, prior to publication. Cybersecurity firm Check Point has seen an influx of attacks through Log4j since December 10. As for Microsoft and another US cybersecurity specialist, Mandiant, they believe China and Iran have already started using the flaw.
