It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Recently uncovered software flaw - "most critical vulnerability of the last decade"
page: 114
share:
Well, here's a kick in the teeth for internet security!
It's being patched as we speak, but how many small/medium websites and web application programmers will miss this dangerous flaw in Apache Services?
www.theguardian.com...
Stay safe!
It's being patched as we speak, but how many small/medium websites and web application programmers will miss this dangerous flaw in Apache Services?
www.theguardian.com...
Log4Shell grants easy access to internal networks, making them susceptible to data loot and loss and malware attacks
A critical vulnerability in a widely used software tool – one quickly exploited in the online game Minecraft – is rapidly emerging as a major threat to organizations around the world.
The flaw, dubbed “Log4Shell”, may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across the industry and the government. Unless it is fixed, it grants criminals, spies and programming novices alike, easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.
The vulnerability, located in open-source Apache software used to run websites and other web services, was reported to the foundation on 24 November by the Chinese tech giant Alibaba, it said. It took two weeks to develop and release a fix.
Stay safe!
edit on 11/12/2021 by Encia22 because: Just tinkering
It made work interesting yesterday.
cve-2021-44228-log4j-rce-0-day-mitigation
Thankfully, most of our systems were unaffected (and none were exploited before remediation.)
cve-2021-44228-log4j-rce-0-day-mitigation
Affected:
In all Log4j versions >= 2.0-beta9 and below 2.14.1 JNDI features used in configuration, log messages, and parameters can be exploited by an attacker to perform remote code execution.
Mitigation/Remediation:
Update to newest version
If updating to the latest version is not possible, customers can also mitigate exploit attempts by setting the system property "log4j2.formatMsgNoLookups" to “true”; or by removing the JndiLookup class from the classpath;
Or by adding the JMV flag "-Dlog4j2.formatMsgNoLookups=true"
Thankfully, most of our systems were unaffected (and none were exploited before remediation.)
edit on 11-12-2021 by Elton because: (no reason given)
originally posted by: Elton
It made work interesting yesterday.
cve-2021-44228-log4j-rce-0-day-mitigation
Affected:
In all Log4j versions >= 2.0-beta9 and below 2.14.1 JNDI features used in configuration, log messages, and parameters can be exploited by an attacker to perform remote code execution.
Mitigation/Remediation:
Update to newest version
If updating to the latest version is not possible, customers can also mitigate exploit attempts by setting the system property "log4j2.formatMsgNoLookups" to “true”; or by removing the JndiLookup class from the classpath;
Or by adding the JMV flag "-Dlog4j2.formatMsgNoLookups=true"
Thankfully, most of our systems were unaffected (and none were exploited before remediation.)
Phew, thanks for pointing out this affects Log4j/Java ecosystem and not, say, httpd.
Had me nervous for a second.
new topics
-
Paramilitary Leaks - John Williams
Whistle Blowers and Leaked Documents: 5 hours ago -
Some sausage, some chicken, some sauce, some onions and some garlic...and some peppers!
Food and Cooking: 6 hours ago -
Hearing more ambulances lately
Medical Issues & Conspiracies: 6 hours ago -
Los Angeles brush fires latest: 2 blazes threaten structures, prompt evacuations
Mainstream News: 6 hours ago -
House Passes Laken Riley Act
Mainstream News: 7 hours ago -
The more I think about it
General Chit Chat: 8 hours ago -
What Comes After January 20th
Mainstream News: 10 hours ago -
Canada as a state .. how would it work?
General Chit Chat: 10 hours ago -
Those stupid GRAVITE commercials
Rant: 10 hours ago -
Let's Buy Greenland
General Chit Chat: 11 hours ago
top topics
-
House Passes Laken Riley Act
Mainstream News: 7 hours ago, 22 flags -
What Comes After January 20th
Mainstream News: 10 hours ago, 18 flags -
Claim: General Mark Milley Approved Heat and Sound Directed Energy Weapons During 2020 Riots
Whistle Blowers and Leaked Documents: 16 hours ago, 12 flags -
Planned Civil War In Britain May Be Triggered Soon
Social Issues and Civil Unrest: 14 hours ago, 7 flags -
Let's Buy Greenland
General Chit Chat: 11 hours ago, 6 flags -
Those stupid GRAVITE commercials
Rant: 10 hours ago, 5 flags -
Hearing more ambulances lately
Medical Issues & Conspiracies: 6 hours ago, 5 flags -
Los Angeles brush fires latest: 2 blazes threaten structures, prompt evacuations
Mainstream News: 6 hours ago, 5 flags -
The more I think about it
General Chit Chat: 8 hours ago, 4 flags -
Canada as a state .. how would it work?
General Chit Chat: 10 hours ago, 4 flags
14