According to the NCSC, the program is “very widely used by organizations large and small in the Netherlands and abroad”. All of these organizations are at risk of being hacked due to this vulnerability.
Updates are now available to resolve the issue. NCSC calls to companies To make these updates as quickly as possible.
The leak showed that Minecraft can be hacked, among other things. The leak could have been found at other companies, including Twitter, Amazon and Apple, and in Tesla electric cars.
It is not yet clear how big the problem is and which companies might be affected. The National Civil Service Center reports that the vulnerability is already “widely” used in practice.
Moreover, any criminal hacker connected to the Internet can exploit the vulnerability relatively easily. Given the high interest in the leak, the National Center for Food Security expects that “methods of abuse will be further developed in the coming period.”
What is Log4j?
Log4j is software used to keep so-called “logs” of web servers. A lot of information is stored in such a log, such as error messages. This allows administrators to detect problems or suspicious behavior.
This week it emerged that there is a major security vulnerability in Log4j. If somehow a piece of Java code ends up in a register, that code is executed by the web server.
Such a piece of code can contain malware that a hacker can, for example, gain access to the entire server or spread malware.
Minecraft hack using username
There are several ways in which malicious code can enter the registry. In the popular game Minecraft, for example, usernames registered in the vulnerable Log4j were found. Anyone who sets such a token as a username can easily hack the server.
As long as companies do not update their software, they remain vulnerable. That’s why major digital service providers Google and Cloudflare have quickly taken preventive measures.
These companies form a kind of “channel” between users and websites. By taking measures already in this channel, many attacks can be prevented.
“Professional web ninja. Certified gamer. Avid zombie geek. Hipster-friendly baconaholic.”