FLAW AFTER FLAW – Log4j
The complexity of Cyber Security has always overawed at least since the time of Stuxnet, if not earlier. The recent rampages of ransomware has been the continuation and extension of the same saga. The Pegasus story the whole world is aware of and needs no elaboration. Suffice to say, today we live in a perforated digital world, with very little positive to look forward to. For the common user, who does not understand the complexity of the game at all, taking it as his destiny, is the only way out. Unfortunately, the governments have also been reacting in a similar manner. The latest to wreck digital havoc, Log4j, already the most popular software term globally. It started as one flaw but is unfolding differently.
A second bug was being exploited as was disclosed on Wednesday by the Web Infrastructure company Cloudflare. The threat actors are proactively attempting to exploit the second bug. This is making it mandatory for the customers to quickly install the latest version. The unpatched systems are facing a barrage of attacks with a variety of malware. It is a race against time. Over 1.8 million attempts to exploit the Log4j vulnerability have been recorded so far. Advanced persistent groups of the likes of Hafnium and Phosphorus have entered the fray. They operationalize the vulnerability and discover and continue exploiting as many susceptible systems as possible for follow-on attacks.
The second vulnerability, assigned the identifier CVE-2021-45046, makes it possible for the hacker to go in for a denial of service attack. The Apache Software Foundation has accepted that the original fix for the remote code execution bug Log4Shell- ”was incomplete in certain non-default configurations.” It has since then been rectified in the next version. The advisory is that the users should update to version 2.16.0 at the earliest even if they have previously updated to 2.15.0. What is really troubling the world now, is a separate third security weakness in Log4j version 2.15.0 as has been disclosed by the security firm, Praetorian.
This vulnerability ”allows for exfiltration of sensitive data in certain circumstance.” The Apache Logging Services PMC says the are ”in contact with the engineer from Pretorian to fully understand the nature and scope of the problem.” Access brokers have been selling their capability to access through these vulnerabilities to other ransomware affiliates. The impact is multifarious. ”Log4j underscores the risk from software supply chains when a key piece of software is used within a broad range of products across several vendors and deployed by their customers around the world.”
A SOFTWARE VULNERABILITY CAN PUT THE WORLD IN A DISARAY.