Govt’s cyber threat agency issues maximum caution against Apache Log4j software

Cyber Threat Research team of Bangladesh Computer Council's e-Government Computer Incident Response Team (BGD e-GOV CIRT) on Wednesday (15 December) sent out a warning against the use of Apache Log4j software after it had been marked as a critical vulnerability.

Regular monitoring of CIRT's Cyber Sensor Unit has identified Apache Log4j software library version 2.0-beta9 to 2.14.1 Remote Code Execution Vulnerability/Security Error CVE-2021-44228, reads a press release.

Log4j is widely used in consumer and enterprise services, websites and applications, as well as operational technology products.

CVE-2021-44228/Log4Shell was tested in CIRT's lab and it got a CVSS score of 10 out of 10 making it a maximum risky software, the press release added.

Exploiting this vulnerability, cyber-criminals can greatly disrupt the normal functioning of an organisation by controlling the CVE-2021-44228 security flawed application system as well as completely encrypting important information.

CIRT put forward a set of suggestions to avert the risk including identifying and auditing Log4j related applications to ensure that no cyberattacks have already taken place, installing strong WAF and keeping the updates running automatically, and ensuring secure backup of data.