A patch for a critical vulnerability in a popular piece of software, a flaw described by some as the worst in a decade, has introduced at least two new ways for malicious actors to attack servers.
The discovery of the previously unknown exploit in Log4J, an open-source tool developed by the Apache Software Foundation, made global headlines last week. The vulnerability allowed attackers to make servers using the logging utility execute any code.
The loophole was closed by a patch last week, but the patch introduced new vulnerabilities, as detailed by Ars Technica and ZDNet.
The developers confirmed that the fix was “incomplete in certain non-default configurations” and gave attackers the opportunity to launch denial-of-service attacks, which render a service inaccessible. Disabling certain functionality would mitigate the risk.
Another problem was reported by cybersecurity firm Praetorian, which said on Wednesday that the patch “can still allow for exfiltration of sensitive data in certain circumstances.”
Fortunately, a newer patch for the tool was released earlier this week. However, it takes time for the upgrade to be integrated by companies into their products.
The original 0-day vulnerability has been actively exploited by malicious actors. According to an estimate cited by the Financial Times, more than 1.2 million attacks using the Log4J flaw have been launched since Friday.
The utility is written in Java, a popular programming language used in many modern products, which explains why it was described as the “single biggest, most critical vulnerability of the last decade” by the security company Tenable.
source: RT