Security News

Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache's Log4j logging library. To evade detection, attackers are mixing up the request patterns: For example, Microsoft has seen exploit code written that runs a lower or upper command within the exploitation string.

Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during an attack that involved of a large undisclosed academic institution, according to research released Wednesday.

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at an unnamed "Large academic institution." The state-sponsored group is believed to have been operating since mid-2020 in pursuit of intelligence collection and industrial espionage, with its attacks primarily directed against companies in the telecommunications, technology, and government sectors.

The attack technique is script-based and dubbed "Autom", because it exploits the file "Autom.sh". Attackers have consistently abused the API misconfiguration during the campaign's active period, however the evasion tactics have varied - allowing adversaries to fly under the radar, wrote Aquasec's research arm Team Nautilus in a report published Wednesday.

A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. "The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always mitigate the actions of a motivated and sufficiently skilled attacker," SophosLabs researchers Andrew Brandt and Stephen Ormandy said in a new report published Tuesday.

As if the Log4Shell hellscape wasn't already driving everybody starkers, it's time to update iOS 15.2 and a crop of other Apple iGadgets, lest your iPhone get taken over by a malicious app that executes arbitrary code with kernel privileges. To paraphrase one mobile security expert, the iOS 15.2 and iPadOS update - released by Apple on Monday along with updates for macOS, tvOS and watchOS - is as hairy as a Lhasa Apso.

Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The vulnerability is tracked as CVE-2021-44228 and is also known by the monikers "Log4Shell" or "Logjam." In simple terms, the bug could force an affected system to download malicious software, giving the attackers a digital beachhead on servers located within corporate networks.

Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago. A set of kernel vulnerabilities were eventually harnessed by the Pangu Team at the Tianfu hacking contest to break into an iPhone13 Pro running iOS 15, a feat that netted the white hat hackers $330,000 in cash rewards.

You have to go into each one of your servers and see, Are we using Log4J either directly or indirectly in that environment? And if the answer is yes, then how can we mitigate that risk? Which, again, is trivially exploitable to a single string and takes, you know, minutes to set up an exploitation. If you're buying a software that's deployed on-premise, you don't necessarily have access into the innards of the server to start or patching the Log4J libraries.

Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the 17th such weakness to be disclosed since the start of the year. An anonymous researcher has been credited with discovering and reporting the flaw.