From Data Theft To Complete Control Of Computer Systems, Log4j Vulnerabilities Lurk In Internet-Connected Systems. Worse Point? Users Can Not Do Anything.

A new dangerous vulnerability in cyber security has been discovered that affects almost the entire Internet and has caused many companies, from financial institutions to government agencies, to struggle to tweak their systems so that criminals can take advantage of this cyber vulnerability attack. ندهند.

According to Yahoo Finance, a new vulnerability known as Log4j affects a type of login open-source software. This software allows developers to understand how their software performs and helps companies find potential bugs or software performance issues.

However, Log4j, part of the software provided by the Apache Foundation (open source), theoretically helps hackers gain control of the organizations’ computers and networks.

Log4j vulnerabilities have been released; however, implementing these patches in the systems is crucial. Private and government organizations that use the Apache Foundation software do not have a brilliant track record of quickly updating their plans.

We are facing a severe problem.

“We have a” severe “problem. The nature of the vulnerability is such that it can affect many different parts of the software,” Justin Capes, an associate professor at New York University School of Engineering, told Yahoo Finance.

The main concern is that hackers will use Log4j to gain control of all unpatched systems and use them as their system. Security experts say Log4j could provide tools for cybercriminals to steal user data and control real-world infrastructure.

According to experts, Log4j is dangerous for two reasons: Apache Foundation software is widely used, ۲ and cybercriminals take advantage of this vulnerability. “Lane, a senior fellow at Stanford University’s Center for International Security and Cooperation,” said Herb Lane.

If you have a vulnerability and use it, I can run my code on your system. It’s like I’m using your device, and now I can do all the things you can do.

According to Lane, hackers can steal emails, destroy files, install ransomware, and do other things. However, the potential damage caused by Log4j does not end there. Herb Lane continues:

I can now take control of the generator to which your system is connected. This problem affects millions of systems worldwide.

Another big problem is that as a user, you do not know if the companies you trust to protect your files will install patches quickly. “Caps says in part:

If there is a bug in Microsoft Word, I might say that I do not use Word; So, I’m not worried about that. However, you may not know where Log4j is used at all.

According to a new announcement from Microsoft, hackers are currently scanning systems through the Log4j vulnerability. It means that hackers are trying to determine if the potential victims are vulnerable. Of course, several hackers are already using Log4j to launch a cyberattack and do things like installing Minerz Crypts on the victim device, stealing data, etc.

Microsoft claims that groups in Turkey, China, Iran, and North Korea are also developing tools to exploit the Log4j vulnerability. Also, several Iranian and Chinese groups are using Log4j to strengthen their capabilities in the field of cyberattacks.

Hackers have started exploiting Log4j.

The US Cyber ​​Security and Infrastructure Security Agency have instructed federal civilian agencies to patch their systems. The agency, which operates under the auspices of the Ministry of Homeland Security, has advised non-federal partners to do the same.

Troubleshooting vulnerabilities like Log4j requires companies to download the appropriate patch, But implementing updates is time-consuming. One of the reasons for the time lag is that companies need to make sure that new software updates do not affect their software. Another critical point is that we as users can do practically nothing; Because Log4j is not a vulnerability that most users can fix.