A new dangerous vulnerability in the field of cyber security has been discovered that affects almost the entire Internet and has caused a considerable number of companies, from financial institutions to government agencies, to struggle to tweak their systems so that criminals can take advantage of this cyber vulnerability to attack. ندهند.
According to Yahoo Finance, a new vulnerability called Log4j is known to affect some kind of open source login software. This software allows developers to understand how their software is performing and helps companies find potential bugs or software performance issues.
However, Log4j, part of the software provided by the Apache Foundation (open source entity), theoretically helps hackers gain control of the computers and networks of the organizations that use the software.
Log4j vulnerabilities have been released; However, the most important thing is to implement these patches in the systems. Private and government organizations that use the Apache Foundation software do not have a brilliant track record of quickly updating their systems.
We are facing a very serious problem
Justin Caps“We have a ‘very serious’ problem, and the nature of the vulnerability is such that it can affect many different parts of the software,” says an associate professor at New York University School of Engineering.
The main concern is that hackers will use Log4j to gain control of all un patented systems and use them as their own system. Security experts say Log4j could provide tools for cybercriminals to steal user data and control real-world infrastructure.
According to experts, Log4j is dangerous for two reasons: Apache Foundation software is widely used; ۲. How cybercriminals take advantage of this vulnerability. Herb LaneSays a senior fellow at Stanford University’s Center for Security and International Cooperation:
If you have a vulnerability and I use it, I can run my own code on your system. It’s like I’m using your device and now I can do all the things you can do.
According to Lane, hackers can steal emails, destroy files, install ransomware and do other things. However, the potential damage caused by Log4j does not end there. Herb Lane continues:
I can now take control of the generator to which your system is connected … This problem affects millions of systems around the world.
Another big problem is that as a user you do not know if the companies you trust to protect your files will install patches quickly. “Caps says in part:
If there is a bug in Microsoft Word, I might say that I do not use Word; So, I’m not worried about that. However, you may not know where Log4j is used at all.
According to a new announcement from Microsoft, hackers are currently scanning systems through the Log4j vulnerability. This means that hackers are trying to figure out if the potential victims are vulnerable. Of course, a number of hackers are already using Log4j to carry out cyber attacks and perform tasks such as installing Minzar Crypts on the victim device, stealing data, and so on.
Microsoft claims that groups in Turkey, China, Iran and North Korea are also developing tools to exploit the Log4j vulnerability. Also, a number of Iranian and Chinese groups are using Log4j to strengthen their capabilities in the field of cyber attack.
Hackers have started exploiting Log4j
The US Cyber Security and Infrastructure Security Agency has instructed federal civilian agencies to patch their systems. The agency, which operates under the Ministry of Homeland Security, has advised non-federal partners to do the same.
Troubleshooting vulnerabilities like Log4j requires companies to download the appropriate patch; But implementing updates is time consuming. One of the reasons for the time lag is that companies need to make sure that new software updates do not affect their software. Other The important thing is that we as a user can do practically nothing; Because Log4j is not a vulnerability that most users can fix.