Log4Shell computer bug, the solution also has a flaw

The update that was supposed to block the Log4Shell vulnerability, about which the Italian cybersecurity agency also raised an alarm last week, itself contains a flaw that hackers are already exploiting. Praetorian researchers report this and have released a video to demonstrate it.

The problem is twofold. The first issue allows a DDoS-style attack on some configurations, that is, a type of threat capable of blocking an entire website or system. The second is even more serious, because it facilitates the retrieval of data contained on a vulnerable server without any permission and without leaving a trace. This would be the reason why the Apache Software Foundation, which manages the code of the library affected by the Log4Shell bug, released the Log4j 2.16.0 update for Java a few days later, which seems to be free from the further problem.

Specialists from Praetorian and the security company Cloudflare explained that system and server administrators need to upgrade from the previous package, 2.15.0, to be sure of protecting themselves from any third-party intrusion into their networks. Log4j is a monitoring tool that creates server log files and is included in many global services, such as Amazon and Twitter. On December 10, it emerged that a bug in the code could be exploited to trick a machine into executing unauthorized commands, and even to infect the entire local network to which it is connected. The Apache Foundation released a corrective version immediately after the news, which was later superseded by the most recent one.
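To act on the upgrade advice, an administrator first needs to know where the library is deployed, including copies bundled inside application archives. The following inventory sketch is an added example, not code from the article or from any of the organisations it names; it assumes jars keep the conventional `log4j-core-<version>.jar` filename, and all function names are hypothetical.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (2, 16, 0)  # threshold from the article: 2.15.0 must be upgraded to 2.16.0
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")

def check_name(name, label, findings):
    """Record (location, version, needs_upgrade) if name is a log4j-core jar."""
    m = NAME_RE.search(name)
    if m:
        version = tuple(int(x) for x in m.groups())
        findings.append((label, ".".join(m.groups()), version < FIXED))

def scan_archive(data, label, findings, depth=0):
    """Look inside an archive, descending into nested archives (bounded depth)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for name in zf.namelist():
            check_name(name, f"{label}!{name}", findings)
            if name.lower().endswith(ARCHIVES) and depth < 3:
                scan_archive(zf.read(name), f"{label}!{name}", findings, depth + 1)

def scan_tree(root):
    """Scan every archive under root, on disk or bundled inside another archive."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            check_name(path.name, str(path), findings)
            scan_archive(path.read_bytes(), str(path), findings)
    return findings

def _jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def demo():
    """Constructed sample: a 2.16.0 jar on disk and a 2.15.0 jar bundled in app.war."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "log4j-core-2.16.0.jar").write_bytes(_jar({}))
        Path(tmp, "app.war").write_bytes(_jar({"WEB-INF/lib/log4j-core-2.15.0.jar": _jar({})}))
        return [(ver, bad) for _, ver, bad in scan_tree(tmp)]
```

Copies that were renamed or repackaged without the version in the filename are not detected by this filename-based check.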


Source From: Ansa
