The days were revealed a vulnerability in the Apache Log4j logging platform – a software used in a variety of apps, services, e-commerce platforms and games. The vulnerability is considered particularly serious because it can be easily exploited by attackers who can easily access servers by using a special code string.
Apache has released an update to remove the vulnerability but many still have the old version and cyber security companies state that attackers are actively scanning and searching for vulnerable devices, writes Bleepingcomputer.
In order to be able to close the hole more quickly, therefore, security experts at the company Cybereason have released a script that can “vaccinate” the vulnerable bodies at a distance. The project is called Logout4Shell.
At the same time, there are fears that this script will also be used by attackers who, for example, block other hackers from taking over a compromised server.
Cybereasons CTO Yonatan Striem-Amit tells Bleepingcomputer that they still believe that the benefits outweigh the risk of abuse in this situation.
– .
