Log4j, a software used by millions of web servers, was found with a major security flaw last week. Hackers are trying to take advantage of this bug (attacks are termed as Log4shell attacks) as this library is being used extensively over the globe by millions of apps.
Detected first within the game "Minecraft", this vulnerability was soon brought to light by the media worldwide.
It is easier for attackers to deceive the Log4j using the malicious code that contains a recursive lookup, resulting in a StackOverflowError and thereby forcing the software to store the log entry in form of a particular text that will terminate the process. Popularly known as a DDOS attack.
Soon, the cybersecurity agencies worldwide have raised alerts over Log4j. CyberSec experts are calling it "one of the worst in years, if not decades".
Companies have advised their customers to update to version 2.17.0 to cope up with the vulnerability. The update is said to be able to fix most of the issues.
Companies can use a combination of multiple AWS services to help limit their risk/exposure from the Log4j vulnerability. Services like AWS WAF, Amazon Route 53 Resolver DNS Firewall, AWS Network Firewall, Inspector, Guard Duty, Security hub, etc. could prove to be useful when maximizing the security against cyberattacks carried out as a result of exploiting such vulnerabilities.
As an AWS Advanced Consulting Partner and having expertise in security, we at Cloud.in adopt security practices as per AWS standards for all our customers. Considering the AWS environment and offerings there are a lot of services that enhance and improve the security posture of your applications.
Reach out to us to secure your applications at sales@cloud.in
%20(3).png)