What is Log4Shell?

A cybersecurity vulnerability in an open-source logging software is creating havoc globally.

• Log4J is an open-source Java-based logging service that is used to login to services such as Amazon, Apple iCloud, Minecraft, Twitter, Steam and many others.
• Log4J comes with the open-source Apache software service that is installed on almost a third of all the web servers globally. The zero-day Log4J bug is called Log4Shell.
• The Log4Shell vulnerability was first detected when one of the world’s biggest games, Minecraft was noticed to see executing malicious code on its servers.
• Very soon it was discovered that it wasn’t just Minecraft, but similar vulnerability was causing issues with iCloud, Amazon, Cloudflare, Twitter, Baidu, Steam, among others.
• According to the BBC, the attack was “akin to someone figuring out that mailing a letter to your postbox with a specific address written on it, allows them to open all your doors in your house”.
• The vulnerability could be used to install malicious software that mines crypto-currency aka crypto-miners, steal passwords and logins and extract data from compromised systems.
• As an end-user there’s little that you can do other than checking with the services you login to see whether they have patched their servers with the latest security updates and updated Log4J.