Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

Various information security news outlets reported on the discovery of critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). Millions of Java applications use this library to log error messages. To make matters worse, attackers are already actively exploiting this vulnerability. For this reason, the Apache Foundation recommends that all developers update the library to version 2.15.0 and, if this is not possible, use one of the methods described on the Apache Log4j Security Vulnerabilities page.

Why CVE-2021-44228 is so dangerous

CVE-2021-44228, also named Log4Shell or LogJam, is a Remote Code Execution (RCE) class vulnerability. If attackers manage to exploit it on one of the servers, they gain the ability to execute arbitrary code and potentially take full control of the system. What makes CVE-2021-44228 especially dangerous is ease of exploitation: even an inexperienced hacker can successfully execute an attack using this vulnerability. According to the researchers, attackers only need to force the application to write just one string to the log, and after that they are able to upload their own code into the application due to the message lookup substitution function. Working Proofs of Concept (PoC) for the attacks via CVE-2021-44228 are already available on the Internet. Therefore, it's not surprising that cybersecurity companies are already registering massive network scans for vulnerable applications as well as attacks on honeypots. This vulnerability was discovered by Chen Zhaojun of Alibaba Cloud Security Team.

What is Apache Log4j and why is this library so popular?

Apache Log4j is part of the Apache Logging Project. By and large, using this library is one of the easiest ways to log errors, and that is why most Java developers use it. Many large software companies and online services use the Log4j library, including Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and many more. Because the library is so popular, some information security researchers expect a significant increase in attacks on vulnerable servers over the next few days.

Which versions of the Log4j library are vulnerable and how to protect your server from attacks?

Almost all versions of Log4j are vulnerable, starting from 2.0-beta9 to 2.14.1. The simplest and most effective protection method is to install the most recent version of the library, 2.15.0. You can download it on the project page. If for some reason updating the library is not possible, the Apache Foundation recommends using one of the mitigation methods. For Log4j versions from 2.10 to 2.14.1, they advise setting the log4j2.formatMsgNoLookups system property, or setting the LOG4J_FORMAT_MSG_NO_LOOKUPS environment variable to true. To protect earlier releases of Log4j (from 2.0-beta9 to 2.10.0), the library developers recommend removing the JndiLookup class from the classpath:

zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

In addition, we recommend installing security solutions on your servers; in many cases this will allow you to detect the launch of malicious code and stop the attack from developing.

 Malware and Vulnerabilities

Botnet operator MANGA was spotted abusing a recently disclosed vulnerability to hijack TP-Link routers and add them to its network of hacked devices. Attackers started exploiting the flaw just two weeks after TP-Link released the firmware update. Experts recommend updating devices regularly and replacing default passwords with strong ones.

 Malware and Vulnerabilities

Researchers unearthed the first professional ransomware variant written in Rust, dubbed BlackCat. It can target Windows, Linux, and VMware ESXi systems. The threat group uses a double extortion model and looks for partners to whom it offers a huge 80%–90% ransom cut. As per claims, the author of BlackCat ransomware was previously involved with REvil ransomware activities.

 Malware and Vulnerabilities

Moobot, a Mirai-based botnet, is reportedly abusing a critical flaw in the webserver of many Hikvision products, which were sanctioned by the U.S. in the wake of human rights abuse. The botnet is abusing a critical command injection flaw to target unpatched devices and extract sensitive data from victims. In order to protect IoT devices from such botnets, experts recommend applying available security patches as soon as possible.

 Feed

The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, remote

2021-12
Aggregator history
Saturday, December 11