Sber’s subsidiary BI.ZONE publishes a tool to combat a new critical vulnerability
The vulnerability allows even inexperienced hackers to gain control over servers and web applications. No special knowledge is needed to exploit this vulnerability. It is enough to have a general idea of the Java programming language and its usage patterns.
Possible targets include products from tech giants like Google, Amazon, Apple, and Cloudflare, as well as corporate in-house solutions ranging from production management systems to diagnostic utilities. Sber’s subsidiary BI.ZONE has released a tool for the general public to combat this threat.
So far, companies have relied on classical vulnerability scanners to address the problem. However, these tools are not very effective in this case—they do not provide complete coverage of all data being logged.
Additionally, the BI.ZONE WAF cloud service can be used as protection against external attacks. It does not relieve you of installing updates to fix the vulnerability, but it does mitigate the risk of successful Log4Shell exploitation.
The Log4Shell vulnerability is related to the Log4j logging library that is used to create various applications and programs. Using Log4Shell, hackers can get into companies’ IT infrastructures and thereby steal data, encrypt all files and disrupt vital business processes.