Security News > 2021 > December > Critical Log4Shell security flaw lets hackers compromise vulnerable servers
A serious security vulnerability in a popular product from Apache has opened the floodgates for cybercriminals to try to attack susceptible servers.
Hackers know that organizations are often slow to patch even critical security flaws, which is why attackers are frantically hunting for unpatched systems.
For those who can't upgrade quickly enough, security firm Cybereason has released what it calls a "Vaccine" for the Log4Shell flaw, which prevents the bug from being exploited.
You can also identify if any of your remote endpoints and servers are susceptible to the flaw in the first place, as described in a blog post from security provider LunaSec.
"This will likely be an endemic problem that will continue for the near term as security and infrastructure teams race to find and patch vulnerable machines over the coming weeks and months," said Sean Nikkel, senior cyber threat intel analyst at Digital Shadows.
Beyond installing the latest patched version of Log4j, there are other steps organizations should take, both with this latest security flaw and with Java vulnerabilities in general.
News URL
Related news
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access (source)
- Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)