{"id":4270,"date":"2022-02-04T10:44:55","date_gmt":"2022-02-04T09:44:55","guid":{"rendered":"https:\/\/www.voquz.com\/?p=4270"},"modified":"2022-02-04T12:25:08","modified_gmt":"2022-02-04T11:25:08","slug":"log4j-vulnerability-protect-your-systems","status":"publish","type":"post","link":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/","title":{"rendered":"Log4J Vulnerability: Protect your systems"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"4270\" class=\"elementor elementor-4270\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0a6d61d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0a6d61d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9150663\" data-id=\"9150663\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d64733e elementor-widget elementor-widget-heading\" data-id=\"d64733e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Log4J Vulnerability: Protect your systems<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b322d42 elementor-widget elementor-widget-text-editor\" data-id=\"b322d42\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The Log4Shell vulnerability in the Java tool Log4J is one of the most serious security vulnerabilities in the history of the Internet. Without a patch, thousands of organizations that rely on the affected Log4j library are at serious risk of attack.<\/p><p>It was an unwanted early Christmas present that was shared with the world on December 9th, 2021. Log4Shell rocked the industry. On this day, the most critical zero-day exploit in recent years was discovered. This critical zero-day exploit was discovered in log4j, the extremely popular Java logging library.<\/p><p>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-642cb57 elementor-widget elementor-widget-text-editor\" data-id=\"642cb57\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Amazon, Apple, Twitter, Minecraft, Cloudflare, Steam: This is only a very partial list of organizations affected by this vulnerability. The implications are far-reaching as Log4j is an extremely common logging library used in most Java applications, including business systems, to record log information. Less than 24 hours after this vulnerability was published, a crypto miner was already deployed to exploit this vulnerability.<\/p><p>\u00a0<\/p><p>Log4Shell was already being exploited for a few days before it became public knowledge. Log4shell scan attempts were detected up to two weeks in advance. Attackers could install crypto miners, create botnets, and steal sensitive data and system credentials. To date, it is estimated that over a million machines have been affected.<\/p><p>The first attacks and scans, which were still manual, are now being followed by automated attempts to exploit the vulnerability. After some experts cautiously speculated that the vulnerability had worm potential, reality is now catching up: Security experts have detected variants of the Mirai botnet drones that infect worm-like vulnerable servers and automatically spread further.<\/p><p>In the meantime, the highly active Conti extortion group has also jumped on the Log4j bandwagon and is using the vulnerability to penetrate servers and networks and set up their ransomware. Cybergang resells the accesses obtained in this way. Their business model is called ransomware-as-a-service.<\/p><p>The previous attempts at attack were probably mainly tests. But now it&#8217;s getting serious. Cybercrime and secret services use the gap for their own purposes.<\/p><p>Most of the attacks on the vulnerability are still general vulnerability scans. Their sheer number is already decreasing somewhat. But that doesn&#8217;t mean the all clear. The content delivery network specialist Akamai reports that their systems detect 250,000 attempted attacks on the CVE-2021-44228 vulnerability every hour. The company assumes that such attacks will accompany us for months to come.<\/p><p>How to fix Log4J RCE vulnerability?<\/p><p>The easiest and most recommended way to fix this vulnerability is to update to Log4J version 2.15.0 or later.<\/p><p>If the update is not possible for some reason or not possible at short notice, then you can mitigate the danger in the earlier versions 2.10.0 to 2.15.0 with the following system settings:<\/p><p>log4j2.formatMsgNoLookups=true<\/p><p>In addition, an environment variable can be set:<\/p><p>LOG4J_FORMAT_MSG_NO_LOOKUPS=true<\/p><p>For releases from 2.0-beta9 to 2.10.0, removing the JndiLookup class from the classpath would be the solution. The command to perform such an action is:<\/p><p>zip -q -d log4j-core-*.jar org\/apache\/logging\/log4j\/core\/lookup\/JndiLookup.class<\/p><p>For more details, see the GitHub commit that fixes this vulnerability.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Log4J Vulnerability: Protect your systems The Log4Shell vulnerability in the Java tool Log4J is one of the most serious security vulnerabilities in the history of the Internet. Without a patch, thousands of organizations that rely on the affected Log4j library are at serious risk of attack. It was an unwanted early Christmas present that was [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":4257,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,143],"tags":[],"class_list":["post-4270","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","category-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Log4J Vulnerability: Protect your systems - VOQUZ ITS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Log4J Vulnerability: Protect your systems - VOQUZ ITS\" \/>\n<meta property=\"og:description\" content=\"Log4J Vulnerability: Protect your systems The Log4Shell vulnerability in the Java tool Log4J is one of the most serious security vulnerabilities in the history of the Internet. Without a patch, thousands of organizations that rely on the affected Log4j library are at serious risk of attack. It was an unwanted early Christmas present that was [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/\" \/>\n<meta property=\"og:site_name\" content=\"VOQUZ ITS\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-04T09:44:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-04T11:25:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/its.voquz.com\/wp-content\/uploads\/2022\/02\/picture-blog.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"IT Department\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"IT Department\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/\"},\"author\":{\"name\":\"IT Department\",\"@id\":\"https:\/\/its.voquz.com\/en\/#\/schema\/person\/b0475713fe115d7098d3e65c8b76b982\"},\"headline\":\"Log4J Vulnerability: Protect your systems\",\"datePublished\":\"2022-02-04T09:44:55+00:00\",\"dateModified\":\"2022-02-04T11:25:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/\"},\"wordCount\":534,\"publisher\":{\"@id\":\"https:\/\/its.voquz.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/its.voquz.com\/wp-content\/uploads\/2022\/02\/picture-blog.png\",\"articleSection\":{\"1\":\"Security\"},\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/\",\"url\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/\",\"name\":\"Log4J Vulnerability: Protect your systems - VOQUZ ITS\",\"isPartOf\":{\"@id\":\"https:\/\/its.voquz.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/its.voquz.com\/wp-content\/uploads\/2022\/02\/picture-blog.png\",\"datePublished\":\"2022-02-04T09:44:55+00:00\",\"dateModified\":\"2022-02-04T11:25:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#primaryimage\",\"url\":\"https:\/\/its.voquz.com\/wp-content\/uploads\/2022\/02\/picture-blog.png\",\"contentUrl\":\"https:\/\/its.voquz.com\/wp-content\/uploads\/2022\/02\/picture-blog.png\",\"width\":1000,\"height\":525},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/its.voquz.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Log4J Vulnerability: Protect your systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/its.voquz.com\/en\/#website\",\"url\":\"https:\/\/its.voquz.com\/en\/\",\"name\":\"VOQUZ ITS\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/its.voquz.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/its.voquz.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/its.voquz.com\/en\/#organization\",\"name\":\"VOQUZ ITS\",\"url\":\"https:\/\/its.voquz.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/its.voquz.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/its.voquz.com\/wp-content\/uploads\/2021\/06\/logo.svg\",\"contentUrl\":\"https:\/\/its.voquz.com\/wp-content\/uploads\/2021\/06\/logo.svg\",\"caption\":\"VOQUZ ITS\"},\"image\":{\"@id\":\"https:\/\/its.voquz.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/its.voquz.com\/en\/#\/schema\/person\/b0475713fe115d7098d3e65c8b76b982\",\"name\":\"IT Department\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/2d5865cdaabd1e9ae6c7363d952409dc98e77593239394f771e777095e5a17fa?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2d5865cdaabd1e9ae6c7363d952409dc98e77593239394f771e777095e5a17fa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2d5865cdaabd1e9ae6c7363d952409dc98e77593239394f771e777095e5a17fa?s=96&d=mm&r=g\",\"caption\":\"IT Department\"},\"url\":\"https:\/\/its.voquz.com\/en\/author\/voqadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Log4J Vulnerability: Protect your systems - VOQUZ ITS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/","og_locale":"en_US","og_type":"article","og_title":"Log4J Vulnerability: Protect your systems - VOQUZ ITS","og_description":"Log4J Vulnerability: Protect your systems The Log4Shell vulnerability in the Java tool Log4J is one of the most serious security vulnerabilities in the history of the Internet. Without a patch, thousands of organizations that rely on the affected Log4j library are at serious risk of attack. It was an unwanted early Christmas present that was [&hellip;]","og_url":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/","og_site_name":"VOQUZ ITS","article_published_time":"2022-02-04T09:44:55+00:00","article_modified_time":"2022-02-04T11:25:08+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/its.voquz.com\/wp-content\/uploads\/2022\/02\/picture-blog.png","type":"image\/png"}],"author":"IT Department","twitter_card":"summary_large_image","twitter_misc":{"Written by":"IT Department","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#article","isPartOf":{"@id":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/"},"author":{"name":"IT Department","@id":"https:\/\/its.voquz.com\/en\/#\/schema\/person\/b0475713fe115d7098d3e65c8b76b982"},"headline":"Log4J Vulnerability: Protect your systems","datePublished":"2022-02-04T09:44:55+00:00","dateModified":"2022-02-04T11:25:08+00:00","mainEntityOfPage":{"@id":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/"},"wordCount":534,"publisher":{"@id":"https:\/\/its.voquz.com\/en\/#organization"},"image":{"@id":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/its.voquz.com\/wp-content\/uploads\/2022\/02\/picture-blog.png","articleSection":{"1":"Security"},"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/","url":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/","name":"Log4J Vulnerability: Protect your systems - VOQUZ ITS","isPartOf":{"@id":"https:\/\/its.voquz.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#primaryimage"},"image":{"@id":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/its.voquz.com\/wp-content\/uploads\/2022\/02\/picture-blog.png","datePublished":"2022-02-04T09:44:55+00:00","dateModified":"2022-02-04T11:25:08+00:00","breadcrumb":{"@id":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#primaryimage","url":"https:\/\/its.voquz.com\/wp-content\/uploads\/2022\/02\/picture-blog.png","contentUrl":"https:\/\/its.voquz.com\/wp-content\/uploads\/2022\/02\/picture-blog.png","width":1000,"height":525},{"@type":"BreadcrumbList","@id":"https:\/\/its.voquz.com\/en\/log4j-vulnerability-protect-your-systems\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/its.voquz.com\/en\/"},{"@type":"ListItem","position":2,"name":"Log4J Vulnerability: Protect your systems"}]},{"@type":"WebSite","@id":"https:\/\/its.voquz.com\/en\/#website","url":"https:\/\/its.voquz.com\/en\/","name":"VOQUZ ITS","description":"","publisher":{"@id":"https:\/\/its.voquz.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/its.voquz.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/its.voquz.com\/en\/#organization","name":"VOQUZ ITS","url":"https:\/\/its.voquz.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/its.voquz.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/its.voquz.com\/wp-content\/uploads\/2021\/06\/logo.svg","contentUrl":"https:\/\/its.voquz.com\/wp-content\/uploads\/2021\/06\/logo.svg","caption":"VOQUZ ITS"},"image":{"@id":"https:\/\/its.voquz.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/its.voquz.com\/en\/#\/schema\/person\/b0475713fe115d7098d3e65c8b76b982","name":"IT Department","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2d5865cdaabd1e9ae6c7363d952409dc98e77593239394f771e777095e5a17fa?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2d5865cdaabd1e9ae6c7363d952409dc98e77593239394f771e777095e5a17fa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2d5865cdaabd1e9ae6c7363d952409dc98e77593239394f771e777095e5a17fa?s=96&d=mm&r=g","caption":"IT Department"},"url":"https:\/\/its.voquz.com\/en\/author\/voqadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/posts\/4270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/comments?post=4270"}],"version-history":[{"count":7,"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/posts\/4270\/revisions"}],"predecessor-version":[{"id":4290,"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/posts\/4270\/revisions\/4290"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/media\/4257"}],"wp:attachment":[{"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/media?parent=4270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/categories?post=4270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/its.voquz.com\/en\/wp-json\/wp\/v2\/tags?post=4270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}