Fixing the vulnerability found on the Apache web server is in the hands of organizations and businesses. The average internet user can do nothing about it.
Significant part of the internet is currently in a vulnerable state.
Security researchers have discovered the vulnerability in the Apache web server. The vulnerability could allow an external attacker to gain control of a server over the Internet without passwords or user IDs.
An attacker could then download, among other things, blackmail viruses to the server or retrieve server information for themselves, as was the case with the Anti-Virus.
Apachen Log4j is a very popular application component and can also be used in applications other than the Apache web server application. That is why the vulnerability is so serious, says the information security expert of the Cyber Security Center of the Finnish Transport and Communications Agency Juho Jauhiainen.
“Usually, software doesn’t reinvent the wheel, but uses existing application components. This component is used in a really large number of Internet services, which adds to the gravity of the situation. ”
According to Jauhiainen, the vulnerability has also been actively exploited in Finnish organizations.
“It is not yet certain whether any of the attacks were successful. The attackers are currently trying to use these vulnerable systems to extract cryptocurrency. ”
Fault is located in the part of the Java programming language used for logging, ie monitoring the technical operation of the server and error conditions.
Typically, the logging component stores application events in chronological order. A vulnerability has now been identified in that component that executes the text to be saved as code.
The center recommends that administrators upgrade to log4j-2.15.0-rc2. Many companies have already made the upgrade: for example, F-Secure, a provider of cyber security solutions, has announced that it has upgraded its system.
The average user cannot do anything to fix the vulnerability.
“We are trying to communicate this so that all organizations get to know this and start investigating,” Jauhiainen says.
“If data breaches are detected, we hope to be contacted at a low threshold.”
.
#Security #Internet #vulnerable #state #Businesses #organizations #fix #prevent #hacking
