• Home
  • About
  • Contact us
Tech News, Magazine & Review WordPress Theme 2017
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
Technovanguard — Be at the forefront of technology news
No Result
View All Result

Minecraft Players Need to Update Immediately as Nasty Zero-Day Threatens Apps Across the Web

Justin Rowell by Justin Rowell
29.09.2022
Home Computing

Photo: Joe Raedle (Getty Images)

Everybody get ready to patch up. What started off as a security issue for fans of the immensely popular video game Minecraft has quickly transformed into a full-blown, internet-wide crisis.

In short, a particularly severe vulnerability in the broadly-used Java logging library Apache Log4j has been discovered—the likes of which affects droves of widely used platforms.

The bug initially gained widespread attention Friday as an issue affecting players of Minecraft’s Java Edition. In a PSA posted Friday, company officials warned players that the security flaw needed attention immediately. “This vulnerability poses a potential risk of your computer being compromised, and while this exploit has been addressed with all versions of the game client patched, you still need to take the following steps to secure your game and your servers,” the statement reads, outlining a step-by-step guide for patching.

The vulnerability, which has been nicknamed Log4Shell, has been formally identified as CVE-2021-44228 by the Apache Software Foundation and has apparently been given a severity rating of 10 on the Common Vulnerability Scoring System scale—the highest possible rating.

But, unfortunately, as previously noted, Minecraft isn’t the only application to be threatened by the bug. In fact, we may have a pretty big problem on our hands here—as reportedly “millions” of applications use log4j, including some of the web’s largest platforms (see: Apple, Twitter, Cloudflare, Valve, and others). Cybersecurity experts took to the internet Friday to express dire concern for the vulnerability. They are pretty much begging companies to patch their systems immediately.

Save $59Apple AirPods

Turn up the volume

The latest AirPods 3 and Pro are on sale, but Apple's 2nd Generation AirPods—though getting older by the day—bring the heat with a 37% discount.

Buy AirPods 2 for $100 at Amazon

Robert Graham, a cybersecurity expert, temporarily changed his Twitter username to “THREAT LEVEL RED FIX YOUR LOG4J.” Famed British hacker Marcus Hutchins called the vulnerability “extremely bad.” And even the cybersecurity director at the NSA, Rob Joyce, chimed in: “The log4j vulnerability is a significant threat for exploitation due to the widespread inclusion in software frameworks, even NSA’s GHIDRA,” he claimed.

Reports of active exploitation have also begun to trickle in. GreyNoise, a security firm, wrote on Twitter that it was seeing active exploitation of the bug: “GreyNoise is detecting a sharply increasing number of hosts opportunistically exploiting Apache Log4J CVE-2021-44228. Exploitation occurring from ~100 distinct hosts, almost all of which are Tor exit nodes.” Other security companies have made similar assessments.

Further information on the vulnerability and mitigation steps can be found on Apache’s website. If your organization uses the log4j library, security experts are recommending that you upgrade to log4j-2.1.50.rc2 immediately. Better do it! This is just the beginning for this extremely dangerous vulnerability.


Next Post
Walmart’s $199 Oculus Quest 2 deal is still available

Walmart's $199 Oculus Quest 2 deal is still available

Recommended.

Best sites to buy MP3 and digital music you own forever

Best sites to buy MP3 and digital music you own forever

29.09.2022
Dying Light 2 skill trees let you become a zombie-slaying, parkour master

Dying Light 2 skill trees let you become a zombie-slaying, parkour master

29.09.2022

Trending.

Netflix’s vampire movie Day Shift adds real bite to a classic action throwback

Netflix’s vampire movie Day Shift adds real bite to a classic action throwback

06.01.2023
Staying Ahead of the Game: The Top 10 Most Popular Websites for IT and Modern Technology

Staying Ahead of the Game: The Top 10 Most Popular Websites for IT and Modern Technology

30.01.2023
Travel Business and Content Marketing: A Match Made in Heaven

Travel Business and Content Marketing: A Match Made in Heaven

07.02.2023
Join MDM for a holiday happy hour in Austin on December 16th

Join MDM for a holiday happy hour in Austin on December 16th

29.09.2022
The creator of Celebrity Deathmatch looks back at the versus show’s weirdest highlights

The creator of Celebrity Deathmatch looks back at the versus show’s weirdest highlights

29.09.2022
Technovanguard — Be at the forefront of technology news

Technovanguard - The latest news from the world of IT and modern technologies.

Categories

  • Computing
  • Entertainment
  • Gaming
  • Internet
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
  • Без рубрики

Tags

best bitcoin casino best bitcoin gambling site best crypto casino bitcoin gambling site btc casino FEATUREDNEWS linkedin connection message linkedin connection request template linkedin connect message examples linkedin networking message template linkedin sales message top bitcoin casinos

Recent News

Ukrainian Soldier on Prosthesis to Participate in 2023 TCS London Marathon

Ukrainian Soldier on Prosthesis to Participate in 2023 TCS London Marathon

28.03.2023
Talents on AI: Kyiv to Host Three-Day Hackathon Connecting Developers and Sponsors in May 2023

Talents on AI: Kyiv to Host Three-Day Hackathon Connecting Developers and Sponsors in May 2023

07.03.2023
  • Home
  • About
  • Contact us

© 2021 technovanguard.com. Submit news release

No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space

© 2021 technovanguard.com. Submit news release