Plugavel.
  • Home
  • Tech
  • Car
  • More
    • Privacy policy
    • About us
    • Contact us
No Result
View All Result
Plugavel.
  • Home
  • Tech
  • Car
  • More
    • Privacy policy
    • About us
    • Contact us
No Result
View All Result
Plugavel.
No Result
View All Result
ADVERTISEMENT

Log4Shell, the flaw that shakes all servers

13 de December de 2021
in Tech
La faille touche la plupart des serveurs de la Planète et sera exploitée tant qu'ils n'aurons pas été corrigés. © The Digital Artist, Pixabay
ADVERTISEMENT

Hackers have used the discovery of what appears to be the biggest critical vulnerability in Internet history to launch massive attacks on the servers of businesses and organizations around the world. Tesla, Microsoft, Apple, Twitter, or even the game Minecraft are among the victims.

You will also be interested


[EN VIDÉO] What is a cyberattack?
With the development of the Internet and the cloud, cyber attacks are more and more frequent and sophisticated. Who is behind these attacks and for what purpose? What are the hackers’ methods and what are the most massive cyber attacks?

It has been dubbed “Log4Shell” and, in the opinion of experts, it is the worst flaw in Internet history. This critical zero day vulnerability has been identified at the end of last month in the library Apache Log4j Java by a member of the Alibaba security team. But it is only for two days that the Planet panics about this fault. Since last night, the government center for monitoring, alerting and responding to computer attacks (Cert France), affirms that it is currently widely used by hackers to execute code remotely and carry out attacks. The organization gave it a score of 10/10 in matter dangerous. And for good reason ! This flaw affects virtually all servers Java operator!

Hardly any high-tech giant is spared and this is also the case with many government sites and services all over the planet. So, as an example, Tesla, Apple, the game store Microsoft Steam, the Minecraft game, Twitter and even the security specialist Cloudflare are impacted. One fix was quickly set up by the Apache foundation but the damage is already done because the hackers have already taken the opportunity to carry out massive attacks. The time that this update is applied everywhere will give them a good leeway to carry out their misdeeds.

An easy to exploit flaw

Concretely, the flaw seems impressive in its simplicity. The attacker only needs to enter a few instructions to break into a target computer. It suffices that the address of a web page containing malicious code written in Java be inserted instead of an email address on a login page, for example Twitter, for this code to be executed. From this point on, the hacker can take control of the server by installing malwares. Likewise, the introduction of this malicious code into a Minecraft chat is a vector of contamination.

With malware, the attacker can easily remotely access computers and collect their data, use it to carry out malicious activities. cryptominage… According to some experts, this big flaw also shows that the software open source are now the easy target of attacks since they are heavily used on infrastructure.

Thus, hundreds of different open source components are used on the servers. It turns out that some have had critical vulnerabilities for several years without anyone noticing. It therefore remains difficult to secure complete architectures powered by this software.

This is precisely the kind of mission that the ethical hackers operating platforms like Hackerone with theInternet Bug Bounty, for example. The hackers called ” hunters »Earn bonuses for finding loopholes in open source software that does not have large means of funding.

Interested in what you just read?

.

ADVERTISEMENT
Tags: AlibabaCritical vulnerabilitycybersecurityfaille zero-dayflawhackeriCloudLog4ShellMicrosoftsecurityserverserversshakesTeslaTwitterZero-day exploit
ShareTweetPin

Related Posts

La coque transparente du phone (1) permet de voir certains des composants. © Nothing
Tech

Nothing phone (1): the long-awaited smartphone is revealed under its transparent shell

Nothing's first smartphone will be officially launched in less than a month. In the meantime, the firm has published on...

25 de June de 2022
L’assistant vocal Amazon Alexa pourrait bientôt reproduire la voix d’un proche défunt. © Amazon
Tech

Alexa will soon imitate your voice!

At its re:MARS conference on Wednesday, Amazon showed off a new feature that can imitate any voice with a one-minute...

25 de June de 2022
Soldes d
Tech

Cdiscount sales: the Surpass electric bike is only €449.99

Do you want to travel by electric bike? To cover long distances without feeling tired, the electric assistance of a...

25 de June de 2022
Ce microphone optique fonctionne grâce à un laser et deux caméras. © Mark Sheinin, Université Carnegie-Mellon
Tech

Revolutionary, this optical microphone records the instruments separately

Researchers have developed an optical microphone that uses cameras to record the vibrations of objects. This system makes it possible...

24 de June de 2022
Next Post
Futura vous explique comment éviter le pistage de vos e-mails sur Gmail et Outlook. © Muhammad Ribkhan from Pixabay

How to avoid email tracking on Gmail and Outlook?

VIDEO - A camel crosses in front of them in the middle of Kansas

VIDEO - A camel crosses in front of them in the middle of Kansas

Recommended

E.Leclerc launches into wireless audio with its Linkster bluetooth headphones

22 de February de 2022

QAnon’s leader was identified by an AI

22 de February de 2022

Elon Musk full of irony towards American Traffic Safety on Twitter

17 de February de 2022
Tennis players’ cars: the garage for the stars of Roland-Garros

Tennis players’ cars: the garage for the stars of Roland-Garros

3 de June de 2021
ADVERTISEMENT

Categories

  • Car
  • Carros
  • Tech
  • Tecnologia
ADVERTISEMENT
  • Home
  • Privacy policy
  • About us
  • Contact us
© 2021 Plugavel - News about technology and cars on one site Plugavel.
No Result
View All Result
  • Home
  • Tech
  • Car
  • More
    • Privacy policy
    • About us
    • Contact us