Serious vulnerability in Apache Logging System

360

Cybersecurity Researchers from CrowdStrike have found a new zero-day flaw that, as per their analysis, can prove as a worst internet hack ever detected in the history. Dubbed as Log4Shell, the new flaw allows threat actors to log into a system with no authentication, such as passwords.

Currently, the susceptibility was witnessed on Microsoft owned Minecraft gaming systems where hackers can attribute a hack just by typing some text in a chat, leading to the penetration of computer-based defense-line of many online service providers.

Adam Meyers, the Vice President of Threat Intelligence of CrowdStrike, confirmed the weaponized vulnerability and stated that it could affect cloud servers and enterprise software used by public and private companies around the globe within no time.

New Zealand’s Computer Emergency Response Team has reported that the hack was already being exploited in the wild and can prove as a most critical vulnerability found in this decade.

Note 1- Please note that the highlight of this Log4Shell security vulnerability finding is that it was first found and reported by Chinese tech giant Alibaba on November 23rd,2021.

Note 2- Apache Software Foundation is a non-profit American company that supports open source projects and was formed by the developers of Apache HTTP Server found in March 1999. Apache offers a kind of legal shield to all volunteers working on the projects and also fights to keep the sanctity of branding intact.

Ad
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security