The Log4Shell vulnerability is not new. It is a flaw that was discovered in VMware servers and that makes them susceptible to being hacked or attacked by expert hackers. However, although this has been known for a long time, the United States Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm again. Apparently, since December 2021 several servers have been attacked.
This vulnerability causes malware to be installed on servers that allows confidential data to be obtained. and access remotely for full control. For this reason, the CISA insists on the importance of keeping the servers up to date, that there is maintenance of these and a control to detect any type of malicious activity. But is there a way to get rid of this vulnerability?
Patching the servers is the best way to bypass Log4Shell
The Log4Shell vulnerability is already active and there is nothing that can be done to completely remove it. However, there are measures that can be taken to protect VMware servers such as patching them. By doing this that vulnerability is fixed making VMware servers no longer exposed to potential hacks seeking access to sensitive information.
The CISA has warned, therefore, that all those organizations whose servers were not patched are at serious risk of vulnerability. Moreover, they may even have already been attacked and someone on the other side may be misusing the information they are collecting without the organizations realizing it. Therefore, action must be taken as soon as possible.
Hacked VMware servers, what steps to take?
The patch for VMware servers helps protect against the Log4Shell vulnerability. But what happens when it is suspected that some that have not been patched so far may have been hacked? In these cases, it is essential to isolate the systems that may be affected to prevent malware from spreading to other systems.
Likewise, it is suggested to make a compilation of the logs or hire experts who can help in the detection of any hacking attempts or malware within the servers. Once the results obtained confirm that the systems were infected, the incident should be reported. In this way, you will be able to carry out an adequate follow-up of this critical situation that is taking place.
Checking apps and updating to latest versions
Focus on testing the applications that organizations use on a daily basis, as well as verify that the latest versions of the systems are installed it is vital to best protect yourself from this vulnerability. This is something vital that is sometimes overlooked and that is that the updates include improvements and protection against these types of circumstances that can occur.
But, the bad news does not stop appearing and after all the work that the CISA has done it seems that it has found a new vulnerability: Spring4Shell. In this case, it affects those applications that use the Spring Framework, so it is advisable to be vigilant again. It is estimated that its impact may be greater than that of Log4Shell, so it must be given as much attention as possible. Investing in excellent security systems, as well as keeping VMware servers updated, is essential so that this critical Log4Shell vulnerability does not attack sensitive data, the consequences of which could be very negative.
