With hundreds of thousands of attack attempts being detected and blocked only by its systems ESET, there is no time to lose, as it may be a matter of time before attacks intensify through vulnerability log4Shell.
ΜBusiness leaders may be aware of the budget they have approved for their IT department, but often unaware if systems IT of their company have been informed or if the vulnerabilities have been repaired.
Of course things change when one breaking news arises for some another company that has been hacked or for data breach due to a vulnerability in the software it used. Reading such news, business leaders should ask themselves: "Does my company use this software? And, if so, we have taken the necessary steps to protect ourselves; ”.
One such case is the vulnerability log4Shell which recently monopolized the media internationally. Initially, this vulnerability concerns a piece of code - the platform Apache log4j 2 Used worldwide and could easily exist in the software used by your company, even without the knowledge of the department staff IT.
By this meaning, it's almost like any other vulnerability that information systems security teams typically deal with. In addition, exploiting the weakness that exists in this code is rather simple for cybercriminals and, therefore, dangerous for your business.
Sitting behind their computer screen somewhere far away (or probably not so much) and armed with little knowledge of the programming language Java, cybercriminals can scan the internet and send malicious packages to compromise some of your systems exposed to the Internet and running a vulnerable version of this code library.
If your system is infected with such a malicious package, the game may be almost over, because the attacker has now instructed one of your systems to try to contact a website and download malware that could take full control of that system.
In the same way, a cybercriminal already on your network could just as easily move to other systems, using the same tactics.
So far, its detection systems ESET have seen attackers try to transfer malware such as coin miners, Trojans Tsunami and Mirai, as well as the Meterpreter penetration test tool. Probably it is matter of time to intensify attacks and advanced threat carriers to massively target vulnerability.
Now is the time to check and update
Η Log4Shell vulnerability has provoked reactions internationally, with companies taking full control of all software they use and / or develop for the presence of vulnerable versions of the library Log4j 2. With hundreds of thousands of attack attempts to be located and be excluded only from ESET systems, there is no time to lose.
Business leaders must to talk to staff IT of their company to ensure that a complete search of all software components from A to Z is performed, based on a list of priorities. Many software development companies have already tested their products and have posted tips for customers about whether they are affected and, if so, what action customers should take. The team IT of your company should seek these tips immediately.
Importantly, once vulnerable versions of the library are found log4j, IT teams to update to the latest version of the library, which is currently the 2.16.0. The administrators IT can follow the tips that are located here.
Press Release
Do not forget to follow it Xiaomi-miui.gr on Google News to be informed immediately about all our new articles! You can also if you use RSS reader, add our page to your list by simply following this link >> https://news.xiaomi-miui.gr/feed/gn
