Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Log4Shell zero-day vulnerability discovered, the new nightmare of enterprises
Log4j is developed by the Apache Foundation and is widely used by both enterprise applications and cloud computing services.
As a result, anything from enterprise software to web applications and products from Apple, Amazon, Cloudflare, Twitter, and Steam can be vulnerable to remote code execution (RCE) attacks. Even users are at risk because some popular games like Minecraft still use Java.
Log4Shell zero-day vulnerability discovered, the new nightmare of enterprises Picture 1
Hackers are actively looking for victims
The new zero-day vulnerability is tracked under the code CVE-2021-44228 and is named Log4Shell or LogJam. Successfully exploiting this vulnerability, hackers can take control of all systems with Log4j installed from version 2.0-beta9 to version 2.14.1.
Alibaba Cloud's security team reported this vulnerability to Apache on 11/24. They also revealed that CVE-2021-44228 affects default configurations of many Apache frameworks including Apache Strust2, Apache Solr, Apache Druid, Apaceh Flink, etc.
After the first Log4Shell exploit was shared on the Internet on December 9, hackers actively scoured the internet for vulnerable systems. They target systems that contain vulnerabilities but are not heavily protected, do not require authentication, and can be exploited remotely.
Patches and damage reduction methods are available
Apache has now released Log4j version 2.15.0 to address the critical vulnerability CVE-2021-44228.
Vulnerabilities can also be reduced if you set the "log4j2.formatMsgNoLookups" system property to "true" or remove the JndiLookup class from the classpath. This damage reduction method only works with Log4j version 2.10 and above.
Researchers from cybersecurity company Cybereason have also released a "vaccine" package called Logout4Shell that can be installed onto a vulnerable Log4j server remotely to reduce the vulnerability of the vulnerability.
You can learn more about Logout4Shell by visiting the link here.
Minecraft is currently actively looking for ways to patch CVE-2021-44228 while a series of agencies and organizations have warned about this vulnerability.
Jessica TannerYou should read it
- Patches of dangerous vulnerabilities being exploited by hackers contain dangerous holes and then continue to be exploited by hackers
- GitLab patches critical vulnerability that allows hackers to take control of accounts
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- Critical Vulnerability Discovered in 3 WordPress Plugins, Affects 84,000 Websites
- Apple releases iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3 updates that patch the critical zero-day vulnerability
- New privilege escalation vulnerability called 'Dirty Pipe' is threatening all Linux distros
- Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
- Zalo PC has a serious RCE error, you should be careful when receiving attachments
- 12-year vulnerability in pkexec gives hackers root privileges on Linux
- Detected a serious zero-day vulnerability in Microsoft Office, click the document file and it will stick
- The NSA issued an urgent warning about a critical vulnerability appearing in Windows servers
Maybe you are interested
How to install and configure Apache on Rocky Linux
How to Install Apache Guacamole via Docker on Ubuntu 22.04
How to install Apache Netbean on Windows 10
How to Enable Cross Origin Resource Sharing (CORS) for Sharing Resource Using Apache Servers, PHP and Jquery
How to Set up Php on Apache 2.2.3 on CentOS 5.3
Compare Nginx and Apache
Security solution
Detecting a serious security flaw on Viber Desktop, users need to update immediately- Why is Windows 11 so much more secure than Windows 10?
- Detecting an 8-year-old security flaw, affecting 150 HP printer models
- Why should we use a VPN to protect our devices?
- Detected Critical Security Bugs Affecting All Versions of Windows
- Detecting new malicious code capable of 'evading' most anti-virus software
Detecting a serious security flaw on Viber Desktop, users need to update immediately
Why is Windows 11 so much more secure than Windows 10?
Detecting an 8-year-old security flaw, affecting 150 HP printer models
Why should we use a VPN to protect our devices?
Detected Critical Security Bugs Affecting All Versions of Windows
Detecting new malicious code capable of 'evading' most anti-virus software