December 16, 2021 14:35 GMT
Researchers are urging organizations to install the new software update for Apache Log4j, a tool widely used in applications and web pages, as soon as possible.
A security update that was supposed to correct a software flaw in Apache Log4j – an open source logging tool used by a large number of applications and web pages – has introduced new vulnerabilities that hackers can exploit to attack servers.
The flaw was first discovered last week in the Microsoft-owned video game Minecraft. A large number of services are at risk, as the affected tool is present in almost all major business applications and servers based on the Java programming language.
Amit Yoran, CEO of cybersecurity firm Tenable, said it is “the biggest and most dangerous vulnerability of the last decade”, without ruling out that it is perhaps the worst in the history of modern computing.
The issue was fixed with a security update, but that update introduced new vulnerabilities. Cybersecurity company Praetorian said this Wednesday that the patch “may still allow sensitive data to be leaked in certain circumstances.” The developers of Apache Log4j also confirmed that the fix was “incomplete in some non-default settings” and gave hackers an opportunity to launch denial of service attacks.
New Zealand’s Computer Emergency Response Team (CERT), Deutsche Telekom (Germany) and web monitoring service GreyNoise warned that hackers were actively looking for vulnerable servers.
The original vulnerability was actively exploited by malicious actors. According to one estimate, more than 1.2 million attacks have been launched using the Log4j exploit since last Friday, the Financial Times reports.
Researchers are urging organizations to install the new patch, released earlier this week as version 2.16.0, as soon as possible to address the vulnerability identified as CVE-2021-45046.