Search
  • Siim P

Log4shell: Why You Should Check Your Company Right Now

Term of the month: Remote Code Execution

One of the main culprits of the destruction that Log4j can do is Remote Code Execution. In its essence it is rather simple. RCE allows the attacker to execute commands on someone else’s computer. That gives enormous power to the attacker since they can tell your device to do whatever they want for instance download malware, divert funds etc.

 

BRIEF UPDATE

The most urgent topic for this month and the months ahead is going to be Log4Shell/J. I highly suggest to read to the first link to get a better understanding of why your IT staff is worried about it and why you should do everything you can to help them deal with the threat that it poses. If the company systems have been updated and secured then you should thank the IT staff since they probably gave a good chunk of their holiday time to mitigate it.

As a quick and really basic summary Log4j is a logging tool that is widely used in all types of software and hardware. You definitely have a service or a device that is affected by this zero day exploit that device can be your office server, printer, smart fridge or router at home. That is why it is so important that you go thorough and update all the devices and software that you use both in your private life and professional setting. If not mitigated there is a high chance attackers will try to break into your system to steal data, passwords or infect your networks with malicious software.

The most notable attack that has been publicised due to Log4j is the Belgium Ministry of Defence attack that took down e-mail servers. But this is probably just the start with ransomware gangs quickly adapting the exploit to start cashing in on victims to slow to update their environments.

 

CYBER SECURITY IN THE NEWS

Log4shell, As Explained By Metaphor And Memes

Apache Log4j Bug: China’s Industry Ministry Pulls Support From Alibaba Cloud For Not Reporting Flaw To Government First

Log4j Exploit Takes Down Ministry Of Defense Email Servers In Belgium

Log4shell Malware Threat Forces Canadian Government To Shut Down Websites

FBI Document Shows What Data Can Be Obtained From Encrypted Messaging Apps

Inside Ireland’s Public Healthcare Ransomware Scare

Can Your Cybersecurity Culture Stand Up To The Latest Spear Phishing Techniques?

Dna Diagnostics Centre Breach Exposed Sensitive Information Of More Than 2.1 Million People

4 views0 comments