Security News

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the " first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the Log4Shell vulnerability, namely JNDI remote class loading," JFrog researchers Andrey Polkovnychenko and Shachar Menashe said.

This time, the bug isn't in Apache's beleagured Log4j toolkit, but can be found in a popular Java SQL server called the H2 Database Engine. As a result, you can bundle the H2 SQL database code right into your own Java apps, and run your databases entirely in memory, with no need for separate server processes.

UK's National Health Service has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits. According to the NHS notice, the actor is leveraging the exploit to achieve remote code execution on vulnerable VMware Horizon deployments on public infrastructure.

Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during an attack that involved of a large undisclosed academic institution, according to research released Wednesday.

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at an unnamed "Large academic institution." The state-sponsored group is believed to have been operating since mid-2020 in pursuit of intelligence collection and industrial espionage, with its attacks primarily directed against companies in the telecommunications, technology, and government sectors.

Only to return to the fray this week and find that the Apache Log2j team just put out the fourth patch in what you might call the Log4Shell Vulnerability Saga. Apache rapidly publishes Log4j 2.15.0, fixing the primary security hole.

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. The truth is we have no idea how severely attackers have taken advantage of the vulnerabilities in Log4j.

Log4Shell is a dangerous security concern - and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers to extort millions of dollars. Log4Shell is the most severe vulnerability hitting systems in the end of 2021.

While open-source software doesn't guarantee a life free of vulnerabilities, it does guarantee fast response and remediation, which is crucial in the event of a large-scale security risk such as that brought on by Log4Shell. Open-source software is defined as "Software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose." Some of the benefits of this are lower hardware costs, higher-quality software, flexibility, security, and transparency.

The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. As of today, Monday, Dec. 20, the attack chain has taken the following form, AdvIntel's Yelisey Boguslavskiy told Threatpost: Emotet -> Cobalt Strike -> Human Exploitation -> -> Kerberoast -> brute -> vCenter ESXi with log4shell scan for vCenter.