In the last 48 hours, a critical vulnerability called Log4Shell that afflicts the open source log4j module of Apache Project, the heart of the majority of applications hosted by servers around the world, has been disclosed by authoritative researchers. This implies the presence of a vast and diversified attack surface on the entire Internet network and considering its simplicity of exploitation, even by unsophisticated actors, makes the reported vulnerability particularly serious.
The technicians of the National Cybersecurity Agency, reads a note, in constant contact with their European and international agencies, recommend, given the danger of vulnerability, to minimize its exposure on the internet by applying the necessary measures to their own server as soon as possible. Csirt Italia is publishing specific security updates on the public portal https://csirt.gov.it, including the procedures to resolve the aforementioned vulnerability, to which the technical managers of public and private IT services are invited to refer.