Log4Shell zero-day vulnerability discovered, the new nightmare of enterprises
Log4j is developed by the Apache Foundation and is widely used by both enterprise applications and cloud computing services.
As a result, anything from enterprise software to web applications and products from Apple, Amazon, Cloudflare, Twitter, and Steam can be vulnerable to remote code execution (RCE) attacks. Even users are at risk because some popular games like Minecraft still use Java.
Hackers are actively looking for victims
The new zero-day vulnerability is tracked as CVE-2021-44228 and is named Log4Shell or LogJam. By successfully exploiting this vulnerability, hackers can take control of any system with Log4j installed from version 2.0-beta9 to version 2.14.1.
Alibaba Cloud's security team reported this vulnerability to Apache on 11/24. They also revealed that CVE-2021-44228 affects the default configurations of many Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc.
After the first Log4Shell exploit was shared on the Internet on December 9, hackers actively scoured the internet for vulnerable systems. They target systems that contain vulnerabilities but are not heavily protected, do not require authentication, and can be exploited remotely.
Patches and mitigations are available
Apache has now released Log4j version 2.15.0 to address the critical vulnerability CVE-2021-44228.
The vulnerability can also be mitigated by setting the "log4j2.formatMsgNoLookups" system property to "true" or by removing the JndiLookup class from the classpath. This mitigation only works with Log4j version 2.10 and above.
Researchers from cybersecurity company Cybereason have also released a "vaccine" package called Logout4Shell that can be installed on a vulnerable Log4j server remotely to mitigate the vulnerability.
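An added example, not part of the original article or of Apache's or Cybereason's tooling: a Python check that triages log4j-core jars against the affected range (2.0-beta9 to 2.14.1), the 2.15.0 fix and the JndiLookup removal described above. It assumes the version can be read from the standard file name log4j-core-<version>.jar; the function names and sample jars are constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Path of the JndiLookup class inside the jar; version comes from the file name (assumption).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-((?:alpha|beta|rc)\d+))?\.jar$")

def parse_version(jar_name):
    m = NAME_RE.search(jar_name)
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch or 0), pre

def is_affected(ver):
    """True for 2.0-beta9 through 2.14.1, the range given in the article."""
    release, pre = ver[:3], ver[3]
    if release == (2, 0, 0) and pre:  # pre-releases of 2.0: only beta9 and later count
        beta = re.fullmatch(r"beta(\d+)", pre)
        return pre.startswith("rc") or bool(beta and int(beta.group(1)) >= 9)
    return (2, 0, 0) <= release <= (2, 14, 1)

def assess(jar_path):
    ver = parse_version(Path(jar_path).name)
    if ver is None:
        return "not log4j-core"
    if not is_affected(ver):
        return "outside affected range"
    with zipfile.ZipFile(jar_path) as jar:
        if JNDI_CLASS not in jar.namelist():
            return "affected version, JndiLookup class removed"
    if ver[:2] >= (2, 10):  # the article limits the interim mitigation to 2.10+
        return "affected: upgrade to 2.15.0 or apply the interim mitigation"
    return "affected: upgrade to 2.15.0"

def make_sample(directory, name, with_jndi=True):
    """Write a constructed stand-in jar (not a real Log4j artifact)."""
    path = Path(directory) / name
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if with_jndi:
            jar.writestr(JNDI_CLASS, b"constructed placeholder")
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("log4j-core-2.14.1.jar", "log4j-core-2.3.jar", "log4j-core-2.15.0.jar"):
            print(name, "->", assess(make_sample(tmp, name)))
```

Jars bundled inside fat or shaded archives, or renamed copies, are not covered by this file-name based check.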
You can learn more about Logout4Shell by visiting the link here.
Minecraft is actively looking for ways to patch CVE-2021-44228, while a number of agencies and organizations have warned about this vulnerability.