Jan 4, 2022
Log4j, One of the Most Serious Flaws Ever Revealed
Spyderbat has released a free system-level tool that scans for vulnerable versions of log4j on Linux systems.
As the repercussions from the Log4j vulnerability unfolds, cybersecurity experts are debating what the future holds. The Log4j repercussions are bad and getting worse. According to VMware's Head of Cybersecurity Strategy, Tom Kellermann, the Log4j vulnerability is one of the worst he has encountered in his career and has the potential to be one of the most serious flaws ever revealed.
Log4j, developed by the Apache Software Foundation, is a Java library for recording error messages in applications with the sole aim of being a support for the bridge between applications and compute environments. Unfortunately, the Log4j exploitation will undermine this support and destabilize the digital structure that has been created in connection to it.
Kellermann stated, “My greatest concern is someone further weaponizing the vulnerability by creating a worm, like a polymorphic type of malware that has the capacity of spreading on its own.”
Cybersecurity expert Marcus Hutchins wrote on Twitter “a worm would need a novel exploitation technique to gain any real value over scanning.”
Tim Wade, CTO of Vectra, echoed “less direct attacks may cause greater long-term damage if they go undetected for an extended period of time.”
Spyderbat, a pioneer in securing cloud-native environments, recently released a free system-level tool that scans for vulnerable versions of Log4j on Linux systems [https://github.com/spyderbat/log4jtool]. This free system-level scan tool is a command-line that scans a Linux system and reports on any vulnerable versions.
Spyderbat’s SAAS solution for Linux runtime security is designed to not only warn of these potential attacks, but also trace activity from the source in real-time, significantly reducing the time to detect and mitigate these types of attacks. Get a FREE Spyderbat account here https://www.spyderbat.com/
Spyderbat provides Linux runtime security through its alert tracing and visualization platform. The traditional approach of alerting on isolated unusual and malicious activity leads to a large volume of alerts, false positives, expert analysis, and ultimately little confidence that your network is secure. This confidence is further strained by organizations' growing dependence on the Cloud and containers, where fast-moving workloads obscure attacker's movements. Spyderbat’s real-time attack traces provide the most effective way to discover and validate threats, significantly reducing internal resource strains, allowing for fast intercept of intruders, cutting dwell time and ultimately damage to the organization.
Get up and running in minutes across your Linux systems and devices. Included is Spyderbat’s free gamified training tool that exposes you to real attacks to quickly become an expert at detecting and defending your Linux environments.