Hackers have used the discovery of what appears to be the biggest critical vulnerability in Internet history to launch massive attacks on the servers of businesses and organizations around the world. Tesla, Microsoft, Apple, Twitter, or even the game Minecraft are among the victims.
It has been dubbed “Log4Shell” and, in the opinion of experts, it is the worst flaw in Internet history. This critical zero day vulnerability has been at the end of last month in the library Log4j Java by a member of the Alibaba security team. But it is only for two days that the Planet panics about this fault. Since last night, the government center for monitoring, alerting and responding to (Cert France), that it is currently widely used by hackers to execute code remotely and carry out attacks. The organization gave it a score of 10/10 in dangerous. And for good reason ! This flaw affects virtually all Java operator!
Hardly any high-tech giant is spared and this is also the case with many government sites and services all over the planet. So, as an example, Tesla, was quickly set up by the Apache foundation but the damage is already done because the hackers have already taken the opportunity to carry out massive attacks. The time that this update is applied everywhere will give them a good leeway to carry out their misdeeds., the game store Steam, the Minecraft game, and even the security specialist Cloudflare are impacted. One
An easy to exploit flaw
Concretely, the flaw seems impressive in its simplicity. The attacker only needs to enter a few instructions to break into a target computer. It suffices that the address of a web page containing malicious code written inbe inserted instead of an email address on a login page, for example Twitter, for this code to be executed. From this point on, the hacker can take control of the server by installing . Likewise, the introduction of this malicious code into a Minecraft chat is a vector of .
With malware, the attacker can easily remotely access computers and collect their data, use it to carry out malicious activities.… According to some experts, this big flaw also shows that the software are now the easy target of attacks since they are heavily used on infrastructure.
Thus, hundreds of different open source components are used on the servers. It turns out that some have had critical vulnerabilities for several years without anyone noticing. It therefore remains difficult to secure complete architectures powered by this software.