All Internet server danger... Security industry emergency in log 4J vulnerability

As a deadly security vulnerability for almost all Internet servers, a deadly security vulnerability was found, and it took an emergency in the domestic and foreign security industry.

The 12th security industry is an emergency on the Java-based Open Source Logging Library 'Log 4J' related remote code (RACE) vulnerability (RACE).

Logging is a process of preserving the activity history of the web application. It is an industry analysis that is used in almost all web services, and the exploitable dismissal of the discovered vulnerability is low, and it is possible to wear hacking damage.

It was the last 10 days that this vulnerability was first known. At that time, the analysis was raised that even famous services such as Minecraft, iCloud, Steam, and Cloud Flare are also able to get vulnerabilities.

Hackers are moving immediately to this news. Security Corporate Gray Noise said that the tries to search for a log 4J 2.0 to 2.14.1 version of the vulnerability. New Zealand Infringement Affording team (CERT) also warned that an attacker is actively exploiting this vulnerability.

The Global Security Company Berries developed and distributed, developed and distributed in this vulnerability to the vulnerability. The vaccine will operate a flag that invalidates the vulnerability by using this vulnerability. It is intended to temporarily take advantage of this vaccine if it takes some time to apply the security patch distributed by Apache.

Florian ROS, a research director of other global security companies, shared the Yard rules that continually reflect the attack-related signatures that exploit this vulnerability in the Code Services 'Feathering Host'.

Domestic security companies are actively responding to this situation. Vulnerability Analysis Specialist IO Otis Cube has been free to detect the checking service that is using the logging feature of the Log 4J version of this vulnerability.

AI Security Corporate Log Less also distributes system scanners for this vulnerability in Feathers.

An East Security official said, From the 10th of the report, we are announcing the relevant contents of the blog, and are emergencies about the relevant malicious files that are spread overseas, and Vulnerability issues are not related to vulnerability, Cybersecurity Center and Korea Internet Promotion Agency

I have created a signature that can respond to this vulnerability attack, and distributed to the network security suite, and announced on security intelligence services and the related contents to its blog.

SK Cheaper officials said, We will recommend applying the security patches and open sources to the vulnerability to apply to the customer, I see I plan to keep track of the future.

The security-related public institutions have risen related responses.

The National Intelligence Service, which is responsible for the public areas, has conducted an emergency inspection of this vulnerability, and has confirmed that it has not been hacked until now. In addition, the National Cyber ​​Sharing Information Sharing System (CTI) We shared the vulnerability information through the homepage.

The Science and Technology Information and Communications Department, which is responsible for the private sector, also recommended security updates to major companies.