A serious vulnerability was discovered in Log4j at the end of last year. This is a software tool from Apache for generating log files used in many (web) applications. The vulnerability made it possible to infiltrate networks and carry out ransomware attacks.
AWS released a tool in December to help update vulnerable versions of Log4j. However, it contained vulnerabilities that created a new threat. In fact, it was unintentionally possible for attackers to exit the container in which the tool was installed, run code on the underlying host, and potentially hijack dozens or hundreds of other containers.
Palo Alto Networks research team Unit 42 blogged about the vulnerability discovered by cloud security researcher Yuval Avrahami. Earlier that same day, AWS issued a security alert and patches to address the vulnerability. Unit 42 recommends that organizations check their container environment for the vulnerable tool and apply Amaxon’s fix as soon as possible.
Source: Hardware Info
