The vulnerability can be activated simply by saving a certain string of characters in the log. It is there to record various events in server operation like in a log book – for example for a later evaluation of errors. A QR scanner or a contactless door lock could also be attacked if they used Java and Log4j, warned the IT security service provider Cloudflare. Experts warned that it is not just online systems that are at risk. However, its protection only takes effect when service providers install it. ![]() Anyone who installs the update could already be compromisedĪn update is now available for the affected versions of the open source Log4j library. “If the manufacturers provide updates, these should be installed immediately,” recommended the office to the service providers. The BSI is also currently in the process of collecting information about where the library in question is currently being used. The infrastructure for the special electronic lawyer’s mailbox (beA) was briefly offline at the weekend, but the weak point has now been fixed, the operator reported. For its own cloud platform Azure, Microsoft published recommendations for customers in its own security blog on Friday the Australian software provider Atlassian (Jira, Confluence, Trello) is currently examining whether its own products could be affected. Cybercriminals are also said to have tried to exploit the vulnerability on Twitter, Amazon, Apple’s iCloud service and the game provider Steam over the weekend. The problem was noticed on Thursday on servers for the online game “Minecraft”. These come from the Darknet, said the CERT team on Twitter. For example, the Computer Emergency Rescue Team (CERT) at Deutsche Telekom reported that they were already registering automated attacks on servers with the corresponding vulnerabilities. In principle, however, many other services can also be configured in such a way that they can be attacked via the vulnerability.Ĭyber criminals have been trying to actively exploit the vulnerability since the weekend. This is part of one of the most widespread open source software (Apache) used to operate web servers on the Internet. The code is a logging library for Java applications. While the IT gap does not affect consumers, in principle anyone who operates a server with an online service could be affected by the vulnerability. However, nobody has a full overview of where the endangered versions of Log4j are being used. ![]() The vulnerability is limited to a few versions of the library called Log4j. ![]() For example, they could use this to run their malware there. The vulnerability (CVE-2021-44228) could allow attackers to execute their software code on the servers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |