Tech companies rush to fix the Log4j vulnerability or Log4Shell issue , experts are saying that it could allow. for the exfiltration of sensitive data in some circumstances.
In simple terms, the vulnerability could allow for data theft or unauthorised removal of the data from a device by cybercriminals.
The Log4j or Log4Shell vulnerability is highlight last Friday, and is dubb as a critical flaw, perhaps one of the worse, given the “ubiquitous” presence of the Log4j logging library.
This is an open-source logging library, which is use by almost all major Java-based enterprise apps and servers across the industry. A logging library is use keep track of all the activity inside an application.
According to cybersecurity firm Praetorian, the vulnerability can allow for data theft and they have passed technical details of the issue to the Apache Foundation, which maintains the Log4j library. The firm is recommending that all customers on Log4j versions 2.15.0 and below need to upgrade to 2.16.0 as quickly as possible.
The cybersecurity company has not shared the technical details stating “it would only make things difficult” and has only released a video showing the data exfiltration.
Meanwhile, other firms state that exploits based on Log4j continue to grow. Kevin Reed, CEO of Singapore-based cybersecurity firm Acronis CISO said, “The whole Internet is being scan at the moment – at least two botnets are searching for unpatch vulnerability, we’ll be seeing more in the coming days. Before Friday, we detected exploitation attempts in single digits – but over the weekend we saw 300 times growth globally. Hard to say which of those are target exploitations – likely can’t be trace by anyone at the moment.”