ADVANCE | Building Your Technology Advantage

View Original

Whitepaper | The Vulnerability That Had The Security Community in Meltdown | Log4Shell/Logjam

Log4Shell, or Logjam, is the name security researchers have given the disclosed vulnerability that threw security experts into crisis mode in early December. The name comes from the software package which has the vulnerability, which is called Log4j and is a part of the very common programming framework, Java.

In short, it is an extremely easy-to-exploit vulnerability that affects millions, if not billions, of devices, systems and programs worldwide, making it a very serious concern in the world of cybersecurity.

In this whitepaper we explore what the vulnerability is and why is caused such great concern.

WHAT IS IT?

The vulnerability exists within a standard way for systems to record information about what they are processing, known as logging. A computer may log information entered by users, such as usernames or clicks, or system data, such as error messages and error times. These logs can then be used later to troubleshoot issues, or better understand how the computer is working.

The Log4Shell vulnerability exists because when a specific, malicious combination of text is logged, the logging computer sees the text as a command to be executed rather than information to be entered into the log. The malicious command tells the computer to connect to a separate, external computer and download a program. If the attacker has written the text correctly, this second computer will be one they control, and the program it downloads will be anything the attacker chooses, likely something malicious.

To continue reading, donwload the whitepaper below:

To discuss cybersecurity protection strategies for your business, leave your details below and an expert will get back to you.

Or call us on +618 8238 6500

See this form in the original post