Patches of dangerous vulnerabilities being exploited by hackers contain dangerous holes and then continue to be exploited by hackers
In early December, the world was shocked when a critical code execution vulnerability was discovered in Log4j, a utility used by virtually every cloud computing service and enterprise network. Immediately, open source developers released an update to patch the bug and urged users to install the patch immediately.
Now researchers report that there are at least two vulnerabilities in the Log4j 2.15.0 patch update. Not only that, hackers are also exploiting one of those two vulnerabilities, targeting targets that have installed the patch. Therefore, the researchers once again urge everyone to quickly install the Log4j 2.16.0 update to patch the vulnerability being tracked under the code CVE-2021-45046.
According to the researchers, patch 2.15.0 is incomplete in some non-default configurations, creating an opportunity for hackers to perform DDoS attacks. This can cause the attacked servers to be completely paralyzed until restarting or other actions are taken.
Version 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
The remaining vulnerability in patch 2.15.0 discovered by security firm Praetorian is related to information leakage. Hackers can exploit this vulnerability to download data from affected servers. The company has reported the issue to the Apache Foundation but still strongly advises users to install patch 2.16.0 as soon as possible.
You should read it
- Apple releases iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3 updates that patch the critical zero-day vulnerability
- GitLab patches critical vulnerability that allows hackers to take control of accounts
- Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- Apple patched many zero-day bugs in iOS 15.4.1 and macOS 12.3.1 updates
- Critical Vulnerability Discovered in 3 WordPress Plugins, Affects 84,000 Websites
- 13 popular applications have serious security vulnerabilities, users need to update immediately
- AMD CPUs also have security vulnerabilities that have existed for many years now!
May be interested
- Warning: Dangerous security holes in Wordpress platform, hackers can take advantage to take control of the websiteaccording to the experts at cystack network security company, a dangerous vulnerability exists in the deleting function of all versions of wordpress, a popular website building platform.
- Detecting vulnerabilities in BitTorrent applications allows hackers to control user computersa serious flaw in the bittorrent application of transmission was discovered by tavis ormandy, a leading security expert at google. if successfully exploited, hackers can take full control of computers running linux or windows.
- Microsoft has a group of 'elite' hackers that specialize in attacking Windows to keep the operating system safetheir mission is to attack to find security holes on windows, report to microsoft to research and release patches before the crook takes advantage of them for bad purposes.
- Learn about patcheswhen software vendors recognize vulnerabilities in their products, they often release patches to fix those vulnerabilities. make sure you immediately apply the relevant patches to your computer so that your system is protected
- The new vulnerability on Intel allows hackers to take control of your computer within 30 secondswhile intel's meltdown and specter vulnerabilities have not been completely overcome, the world faces a new security vulnerability that allows hackers to take complete control of the user's device and attack time within 30 seconds.
- Mysterious hackers offer Windows zero-day vulnerabilities to the world's most dangerous cyber criminalsa mysterious hacker with alias volodya or buggicorp is trying to sell zero-day vulnerabilities on windows to the world's most dangerous hacker groups.
- Apple Patches Zero-Day Vulnerability That Could Let iPhones, iPads, and MacBooks Get Hackedapple has just released a security update to patch two zero-day vulnerabilities. in it, one has been made public and another is being exploited by hackers to penetrate iphones and macs. these are the first zero-day vulnerabilities that apple will patch in 2022.
- There are vulnerabilities that allow hackers to bypass the fingerprint security mechanism of Lenovo computersthe fingerprint manager pro program of microsoft windows 7, 8 and 8.1 allows users to store data, log in personal accounts on websites, log in to a lenovo computer via fingerprint there are many vulnerabilities that may allow hackers to access user sensitive data.
- Good hackers find and patch the vulnerability for more than 100,000 other routersrecently, zdnet has reported on a white hat hacker claiming to be alexey, specializing in finding vulnerabilities in mikrotik router system and patching up so that bad guys can't use them to do bad things.
- Three critical holes in Linksys routers, hackers can take advantage of hijackinglinksys e series routers can get three vulnerabilities that help hackers gain control.