It has certainly been a while since we’ve had a nasty bug making enough of a stink that it warrants being the subject of one of our weekly blog posts, but here we are again. The good thing has always been that these software vulnerabilities are usually quite limited in the scope of what they’re capable of, and that means they usually don’t get much fanfare and they’re also usually fairly easily dealt with via patches and the like. The problem becomes when the bug is rooting in software that is ubiquitous as far as being used in cloud serves and enterprise software used as much for government as it is in industry. That’s the scenario with the new Log4Shell Software Vulnerability that has the Internet ‘On Fire’ according to those who are qualified to determine whether something is on fire or not. All joking aside, this is apparently a critical vulnerability in a widely used software tool, and – interestingly enough - one that was quickly exploited in Minecraft. But now it emerging as a serious threat to organizations around the world, and here at 4GoodHosting like most quality Canadian web hosting providers we like to keep our people in the know when it comes to anything that’s so far-reaching it might apply to a good number of them. Quick to be Weaponized Cybersecurity firm Crowdstrike is as good as any for staying well on top of these things, and reading what they have to say about Log4Shell is that within 12 hours of the bug announcing itself it’s been fully weaponized. That means that tools have been developed and distributed for the purpose of exploiting it. Apparently all sorts of people are scrambling to patch, but just as many are scrambling to exploit. It’s believed this software flaw may be the worst computer vulnerability to come along in years. As hinted at, it was discovered in a utility that’s ubiquitous in cloud servers and enterprise software used across industry and government. If allowed to continue unchecked it has the potential to enable criminals, spies, pimps and programming novices alike for no-hassle access to internal networks. Once in they...
