Log4Shell

The simplest of hacks…

Imagine being able to hack a server simply by pasting a block of text into a chat window. Well, that’s exactly what happened to the game MineCraft’s servers over the weekend. The newly discovered vulnerability is called Log4Shell and it exploits a previously unknown weakness is a common Java library used by thousands of servers around the world. The vulnerability allows an attacker to take complete control of the server using simple text inserted in a login field or other window, like a chat window.

Who’s vulnerable? Twitter, iCloud, even certain Microsoft applications, just to name a few. The truth is, Java is one of the most prolific programming languages used on servers, particularly internet servers, so the potential reach of this vulnerability is almost incalculable – potentially every single company. So you have a vulnerability that impacts almost every server and you need no hacking skills to be able to exploit it. That’s the reason why cybersecurity experts are sounding the alarm and many are calling this the most dangerous weakness we’ve seen in years.

What can you do about it? Application developers are actively issuing patches for this vulnerability. If you’re hosting your own servers or running your own applications, it’s a good idea to check if you are using log4j2. If you are, make sure you update the Java library immediately. For everyone else, make sure you run your updates this week – that includes checking the firmware on your firewalls and network switches. Virtually anything that has a log in process could be using this bit of Java code, and that means it needs to be updated.

For more information, read the details here: CVE – CVE-2021-44228 (mitre.org)

Stay on the lookout for holiday scams – fake delivery receipts are exceptionally popular right now, as are fake Amazon purchase emails.