Log4Shell zero-day vulnerability discovered, the new nightmare of enterprises
Log4j is developed by the Apache Foundation and is widely used by both enterprise applications and cloud computing services.
As a result, anything from enterprise software to web applications and products from Apple, Amazon, Cloudflare, Twitter, and Steam can be vulnerable to remote code execution (RCE) attacks. Even users are at risk because some popular games like Minecraft still use Java.
Hackers are actively looking for victims
The new zero-day vulnerability is tracked as CVE-2021-44228 and is named Log4Shell or LogJam. By successfully exploiting it, hackers can take control of any system with Log4j installed, from version 2.0-beta9 to version 2.14.1.
Alibaba Cloud's security team reported this vulnerability to Apache on 11/24. They also revealed that CVE-2021-44228 affects the default configurations of many Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc.
After the first Log4Shell exploit was shared on the Internet on December 9, hackers actively scoured the internet for vulnerable systems. They target systems that contain vulnerabilities but are not heavily protected, do not require authentication, and can be exploited remotely.
Patches and damage reduction methods are available
Apache has now released Log4j version 2.15.0 to address the critical vulnerability CVE-2021-44228.
The vulnerability can also be mitigated by setting the "log4j2.formatMsgNoLookups" system property to "true" or by removing the JndiLookup class from the classpath. This mitigation only works with Log4j version 2.10 and above.
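An added example (not from the article or from Apache) that inventories log4j-core JARs against the version range and mitigations described above. It assumes the version can be read from the JAR file name and reads the 2.10 limit as applying to the formatMsgNoLookups property; the function names and result keys are illustrative.

```python
import re
import zipfile
from pathlib import Path

# Path of the JndiLookup class inside a log4j-core JAR.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: the version is taken from the file name; shaded/fat JARs are not inspected.
NAME_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort before final

FIRST_AFFECTED = (2, 0, 0, 1, 9)   # 2.0-beta9
LAST_AFFECTED = (2, 14, 1, 3, 0)   # 2.14.1
PROPERTY_WORKS = (2, 10, 0, 3, 0)  # log4j2.formatMsgNoLookups usable from 2.10


def parse_version(jar_name):
    """Return a sortable tuple from a log4j-core JAR file name, or None."""
    m = NAME_RE.search(jar_name)
    if not m:
        return None
    major, minor, patch, tag, n = m.groups()
    return (int(major), int(minor), int(patch or 0),
            STAGE[tag.lower() if tag else None], int(n or 0))


def assess(jar_path):
    """Classify one JAR against the affected range and the two mitigations."""
    version = parse_version(Path(jar_path).name)
    if version is None:
        return {"status": "unknown-version"}
    if not FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return {"status": "outside-affected-range"}
    with zipfile.ZipFile(jar_path) as jar:
        has_jndi = JNDI_CLASS in jar.namelist()
    return {
        "status": "vulnerable" if has_jndi else "jndilookup-removed",
        "property_mitigation_applies": version >= PROPERTY_WORKS,
    }


def scan(root):
    """Assess every log4j-core JAR below root; returns {file name: result}."""
    return {p.name: assess(p) for p in sorted(Path(root).rglob("log4j-core-*.jar"))}
```

Calling `scan("/opt/app")` on an application directory returns one entry per log4j-core JAR found; a "vulnerable" result for a version below 2.10 means the system property will not help and the upgrade to 2.15.0 is the remaining option named in the article.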
Researchers from cybersecurity company Cybereason have also released a "vaccine" package called Logout4Shell that can be installed onto a vulnerable Log4j server remotely to mitigate the vulnerability.
Minecraft is currently actively looking for ways to patch CVE-2021-44228 while a series of agencies and organizations have warned about this vulnerability.