Serious was revealed last week log4j logging framework vulnerability 2that allows attackers to remotely execute code to control an application. This is a major security issue as this tool is widely used in many corporate environments. According to security experts, there is also a big bug Wanted and abused by attackers.
After the bug became public, it only took a few hours for the first attempts to find and exploit it in the networks. According to Check Point experts, the number of attempts reached enormous numbers in the first three days.
Since we started implementing our protection, we have prevented more than 1,272,000 attempts to discover vulnerabilities, more than 46% of which are from known groups. said Check Point, a cybersecurity company. According to her, 40% of the world’s networks have already been scanned in this way.
The main problem is the large extent of the problem framework.
Unlike other major cyberattacks, Log4j is essentially built into every Java-based product or web service. It is very difficult to fix it manually Company representatives write to your blog. In some cases, organizations may not even know that the library is part of their applications. As a result, some organizations can be vulnerable without their knowledge.