Countless digital goods and services have been affected internationally since December 1, 2021, as a vulnerability related to the open-source logging framework Apache Log4j 2 has been aggressively abused.
The researchers claim that the flaw is still present in an excessive number of systems around the world and that attackers will continue to successfully exploit it for years.
Every year, a number of urgently needed fixes for severe vulnerabilities are found, but Log4Shell stood out because it was so simple to exploit wherever it was found and offered little to no room for attackers to maneuver. Logging tools are used by developers to keep track of activity within a certain application.
To take advantage of Log4Shell, all attackers have to do is trick the system into logging a unique piece of code. They can then take over their target’s computer and install malware or launch other types of online attacks. Because log-makers are going to log in, adding the malicious snippet to an email or account username is an easy way to introduc
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: