A newly discovered flaw in a common piece of open-source software is prompting researchers and companies to update their systems in a bid to prevent hacks and ransomware attacks.
The vulnerability, known as CVE-2021-44228, was disclosed on Dec. 9, which allows remote access to servers and code execution, some experts have said. Meanwhile, Log4j is used in a large number of enterprise systems, raising concerns that it may be easily exploited.
Since the vulnerability, which some dubbed “Log4Shell,” so is widespread and is likely present in highly-trafficked websites and apps, users may also see their favorite websites and apps be impacted.
Cybersecurity firms Mandiant and Crowdstrike said that hacking groups are trying to breach systems, and Mandiant described to Reuters that they are “Chinese government actors,” in reference to the ruling Chinese Communist Party.