Security News

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. The new malware are two remote access trojans named NineRAT and DLRAT and a malware downloader named BottomLoader.

The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to...

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. Log4Shell is an unauthenticated remote code execution flaw that allows taking complete control over systems with Log4j 2.0-beta9 and up to 2.15.0.

"Log4j was a wakeup call for many people about how technology is structured and how it is used," he explains. Once they spot a zero-day vulnerability, attackers need to figure out how best to maximise their returns from it, safe in the knowledge that no defence lies between them and their malicious objectives.

Iranian state-sponsored cyber criminals used an unpatched Log4j flaw to break into a US government network, illegally mine for cryptocurrency, steal credentials and change passwords, and then snoop around undetected for several months, according to CISA. In an alert posted Wednesday, the US cybersecurity agency said it detected the advanced persistent threat activity on an unnamed federal civilian executive branch organization's network in April. "CISA and the Federal Bureau of Investigation assess that the FCEB network was compromised by Iranian government-sponsored APT actors," according to the alert.

While some security teams are beginning to assess their own open-source security by implementing SBOMs, many businesses are considering ditching open-source software altogether. Instead of reluctantly using open source and blaming developers when something goes wrong, businesses should be working with the open-source community with the aim of improving security and working to minimize the fallout from the next vulnerability.

Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. The attacks are notable for using SysAid Server instances unsecured against the Log4Shell flaw as a vector for initial access, marking a departure from the actors' pattern of leveraging VMware applications for breaching target environments.

Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian 'MuddyWater' threat actor who was found targeting Israeli organizations using the SysAid software. The latest MuddyWater hacking campaign outlined in a Microsoft report yesterday constitutes the first example of leveraging vulnerable SysAid applications to breach corporate networks.

The Cyber Safety Review Board recently labeled the Log4j security exploit as an 'endemic vulnerability' that will linger for years, according to a report released on Jul 11, 2022. "At some point, we're going to see even more visible use of Software Bill of Materials reports. Just as the FDA expects consumers to be able to stay informed about what they're putting in their bodies by way of standardized nutrition facts labels with clear lists of ingredients, businesses and other entities using software will want-and ultimately need-transparency about what goes into the software they're using."

Linode + Kali Linux: Added security for cloud instancesKali Linux, the popular open source Linux distribution specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. The enemy of vulnerability management? Unrealistic expectationsOrganizations vary by size, industry, level of maturity, but one thing that they all have in common is needing to know how to quickly remediate security vulnerabilities.