What is Log4Shell?

Curated by informed

A cybersecurity vulnerability in open-source logging software is creating havoc globally.

  • Log4J is an open-source Java-based logging service that is used to log in to services such as Amazon, Apple iCloud, Minecraft, Twitter, Steam and many others.
  • Log4J comes with the open-source Apache software service that is installed on almost a third of all the web servers globally. The zero-day Log4J bug is called Log4Shell.
  • The Log4Shell vulnerability was first detected when one of the world’s biggest games, Minecraft, was seen executing malicious code on its servers.
  • Very soon it was discovered that it wasn’t just Minecraft: a similar vulnerability was causing issues with iCloud, Amazon, Cloudflare, Twitter, Baidu and Steam, among others.
  • According to the BBC, the attack was “akin to someone figuring out that mailing a letter to your postbox with a specific address written on it, allows them to open all your doors in your house”.
  • The vulnerability could be used to install malicious software that mines cryptocurrency (crypto-miners), steal passwords and logins, and extract data from compromised systems.
  • As an end user, there’s little you can do other than check with the services you log in to, to see whether they have patched their servers with the latest security updates and updated Log4J.
Articles from 4 publishers

4 articles on this topic

The Next Web

The Log4j bug exposes a bigger issue: Open-source funding

7 min read

CISA warns 'most serious' Log4j vulnerability likely to affect hundreds of millions of devices

1 min read
Venture Beat

Log4j exploits suggest attackers gearing up for ransomware

4 min read
Threat Post

Log4Shell Is Spawning Even Nastier Mutations

6 min read