Log4j Vulnerability Guide
It has been two weeks since the new global incident of Log4j/Log4Shell vulnerability has been identified in the open-source Apache logging library. Multiple security vendors raised the alert that this vulnerability can affect multiple IT devices running Java Framework and their logging system.
The vulnerability was initially discovered by Minecraft players that stumbled upon an easily-exploited bug called Log4j. Players gained “remote code access” i.e. the ability to take full control of a console/computer from afar as if you were sitting right in front of the machine yourself.
The Log4j vulnerability allows remote code execution by simply typing a specific string into a textbox. It allows attackers to execute code remotely on a target computer, meaning that they can steal data, install malware or take control of your devices. Several Cybersecurity vendors reported that cybercriminals have installed software that uses a hacked system to mine cryptocurrency, while others have developed malware that allows attackers to hijack computers for large-scale assaults on internet infrastructure.
In case you have access to an Apache Web Server or a Haproxy Load Balancer, hosted on your servers or within the device you are using, we strongly encourage you to initiate a vulnerability scan to verify that you are not using Log4j as a logging utility.
If your devices are using the Log4j logging system, here are some tutorials from various Security and Software vendors that could guide you on how to fix or mitigate the current issue:
*MassiveGRID is not using Log4j as a logging library. Moreover, our Security Experts are constantly performing proactive vulnerability scans. No issues have been detected that could affect our services.