Скачать или смотреть Apache Log4j 2 - Remote Code Execution (RCE) Demo | CVE 2021 44228 | SAFE SECURITY

In November 2021, Alibaba reported a zero-day vulnerability to the Apache Software Foundation affecting Log4j2, an open-source Java framework designed to log events. Its use is widespread within enterprise organizations and included in popular Apache frameworks.
Since the release of this information on December 9th, the global security community has determined this as a severe vulnerability, assigned the maximum severity score of 10/10, which is believed to have already caused ‘potentially incalculable’ damage. It has been dubbed by many as the most critical vulnerability we have seen in recent years due to the low-level expertise required to use this exploit and Log4j’s presence in the world’s most popular applications affecting both organizations and individuals. Services affected include Apple iCloud, Amazon Web Services, IBM, Twitter, Steam, - even Minecraft - and there’s no doubt that there is some technology used both at work and home that utilizes
the Log4j framework.

The security community has already produced numerous reports of attackers hunting for this vulnerability and successfully weaponizing it in the form of ransomware, trojans, C2, and crypto mining malware injection. The national government and security agencies are providing guidance to help businesses respond, but no matter how many fixes are
produced, they still have to be applied to deem the device or service safe for use. It is therefore critical for any security team to stay tuned into new intelligence, information, and advice over the coming weeks and months.