Tidio Live Chat Software - Add Tidio live chat software to your website in minutes. Contact visitors and turn them into happy customers. Enhance their experience and boost your sales. Get it for Free

Must Read

As the Internet faces one of the most serious vulnerabilities in recent years, putting millions of devices at hacking risk, attackers are now making thousands of attempts to exploit a second vulnerability involving a Java logging system called ‘Apache log4j2’.

The description of the new vulnerability, titled ‘CVE 2021-45046’, says the fix to address the earlier security bug (CVE-2021-44228) in ‘Apache Log4j 2.15.0’ was “incomplete in certain non-default configurations”.

Also Read

“It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.

“This could allow attackers… to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack,” the CVE description read.

Elegant Themes - The most popular WordPress theme in the world and the ultimate WordPress Page Builder. Get a 30-day money-back guarantee. Get it for Free

Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare, and Minecraft, are vulnerable to the ‘ubiquitous’ zero-day exploit.

Apache has now released a new security patch to address the second bug.

‘Apache Log4j’ is used in many enterprises and open-source software forms, including cloud platforms, web applications, and email services.

It is the most popular java logging library, with over 400,000 downloads from its GitHub project. It is used by a vast number of companies worldwide, enabling logging in a wide set of popular applications.

“Exploiting this vulnerability is simple and allows threat actors to control java-based web servers and launch remote code execution attacks,” cyber security researchers at Check Point had said in a blog post.

Another cyber security company Sophos said that it is already detecting malicious crypto miner operations attempting to leverage the vulnerability. There are credible reports from other sources that several automated botnets (such as Mirai, Tsunami, and Kinsing) have begun to exploit it as well.

Currently, most of the attacks focus on using cryptocurrency mining at the expense of the victims. However, under the auspices of the noise, more advanced attackers may act aggressively against quality targets.

Researchers at Microsoft have also warned about attacks attempting to take advantage of ‘Log4j’ vulnerabilities, including a range of crypto-mining malware.

Save up to 60% on OptinMonster

Stay updated

Subscribe to our newsletter and never miss an update on the latest tech, gaming, startup, how to guide, deals and more.

- Advertisement -
- Advertisement -

Latest

Grow Your Business

Place your brand in front of tech-savvy audience. Partner with us to build brand awareness, increase website traffic, generate qualified leads, and grow your business.

- Advertisement -

Grow Your Business

Get these business solutions, tools and services to help your business grow.
Elementor

Elementor -Join 5,000,000+ Professionals Who Build Better Sites With Elementor. Build your website with 100% visual design that loads faster and speeds up the process of building them.

WP Rocket

WP Rocket - Speed up your website with the most powerful caching plugin in the world. The website speed increase means better SEO ranking, user experience, and conversation. It’s a fact that Google loves a fast site.

Kinsta

Kinsta - If you are looking for WordPress managed hosting, Kinsta is in the leading front. Kinsta provides WordPress hosting for a small or large business that helps take care of all your needs regarding your website with cutting-edge technology.

OptinMonster

OptinMonster - Instantly boost leads and grow revenue with the #1 most powerful conversion optimization toolkit in the world. 700,000+ websites are using OptinMonster to turn their traffic into leads, subscribers, and sales.

Related

- Advertisement -
- Advertisement -