Firm Releases Log4j “fix” For Systems Unable To Update

Share post:

Cybersecurity firm Cybereason recently released a fix that fixes the Log4j zero-day vulnerability, which is currently being exploited by attackers.

Although some users have not been able to fix the Apache Log4Shell vulnerability, the fix ensures that those who have not been able to update their systems, or who have not been able to do so immediately, will continue to be able to patch their systems thanks to the “Logout4shell” tool, which is available to access GitHub and as the company says, “is a relatively simple fix that requires only basic Java skills to implement.”

Yonatan Striem-Amit, CTO of Cybereaso explained, explains what the Log4j vulnerability fixing tool looks like: “In short, the fix uses the vulnerability itself to set the flag that turns it off. Because the vulnerability is so easy to exploit and so ubiquitous–it’s one of the very few ways to close it in certain scenarios. You can permanently close the vulnerability by causing the server to save a configuration file, but that is a more difficult proposition. The simplest solution is to set up a server that will download and then run a class that changes the server’s configuration to not load things anymore.”

The solution met with mixed reactions from security experts. While some praised the company for its initiative, others believe that such a move is not enough to protect all organizations currently affected by the bug.

For more information read the original story in ZDNet.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways