Describ by many experts as the most serious flaw of the decade or even in history, it allows attackers to invade computers and servers with extremely simple commands.
Log4Shell: understand the set of vulnerabilities that shook the world
“Apocalypse.” This powerful word was us by many
cybersecurity experts to describe the discovery of Log4Shell, a set of vulnerabilities that have been keeping industry professionals awake at night since image resize December 2021. The use of the term may seem like an exaggeration, but it is enough to understand the seriousness of the problem to agree with this attribution: we are talking about bugs that can affect a large part of the internet and cause gigantic damage to corporate computers, servers and applications.
The name Log4Shell was actually initially us to describe a single vulnerability found by researchers at the Chinese company Alibaba and disclos to the world on December 9. The vulnerability in question resid in Log4j, a famous open source library maintain by the Apache Foundation and us to record activity logs in Java applications. However, after the discovery of the original bug (CVE-2021-44228), several other similar ones were detect.
In the least technical terms possible, the Log4Shell vulnerabilities allow an attacker to execute arbitrary code in a vulnerable application, since the affect versions of Log4j respond to requests without first performing some necessary checks. This is a remote code execution (RCE) flaw. This makes it possible to steal sensitive data and even deploy malware on the attack machine. In fact, most criminals are taking advantage of the situation to install cryptocurrency miners, set up botnets and spread ransomware.
There is nowhere to run
You might be thinking: “Ok, but who uses this Log4j thing?” That’s where the biggest problem lies: practically everyone, even if they don’t know it! Log4j has been around for years and is the most widely us library in the world for recording and storing logs in உங்கள் வணிகத்தை வளர்க்க உங்களுக்கு தேவையான உள்ளூர் சந்தைப்படுத்தல் வழிகாட்டி software written in Java. It is so popular that it is includ in other libraries that many programmers use in their projects without even knowing that, deep down, there is Log4j doing its job. That is why there is so much despair.
Log4Shell was initially identifi in the game “Minecraft: Java ition” and the list of affect services and applications soon became gigantic. The Unit States government was so concern about the situation that it creat, on GitHub, a complete list of who america email list was and was not affect by the set of flaws.
