Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian …
Log4J
New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw
A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it B1txor20 "based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 …
Logz.io Security Update: Log4j / Log4Shell Vulnerability Response
On December 9, a severe remote code vulnerability was revealed in Apache’s Log4J library, a Java-based logging tool widely used in applications around the world. This vulnerability allows an attacker who can control log messages to execute arbitrary code loaded from attacker-controlled servers – impacting a broad range of services and applications. Logz.io has been aware of the …
Log4J Does What?!!! | Logz.io
You have probably heard of Log4Shell, the security vulnerability that has ‘earned’ itself an NIST rank of 10 (Source: https://nvd.nist.gov/vuln/detail/CVE-2021-44228). In this post I will show a really basic example of how this vulnerability actually works. I will walk you through some basic usage of the Log4J library and then show how some fairly basic inputs into this library can …
Elastic Stack 6.8.23 released with Log4j update
Version 6.8.23 of the Elastic Stack was released today. We recommend you upgrade to this latest version. The 6.8.23 patch release contains an updated version of Log4j (2.17.1) for both Elasticsearch and Logstash. For a full list of changes for each product, please refer to the release notes: 6.8.23 release notes …
NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker …
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a …
CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities
Cybersecurity agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries. "These vulnerabilities, especially Log4Shell, are severe," the intelligence agencies said in the new guidance. "Sophisticated …
China suspends deal with Alibaba for not sharing Log4j 0-day first with the government
China's internet regulator, the Ministry of Industry and Information Technology (MIIT), has temporarily suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months on account of the fact that it failed to promptly inform the government about a critical security vulnerability affecting the broadly used Log4j …
CrowdStrike Launches Free Targeted Log4j Search Tool
The recently discovered Log4j vulnerability has serious potential to expose organizations across the globe to a new wave of cybersecurity risks as threat actors look to exploit this latest vulnerability to execute their malicious payloads using remote code execution (RCE). An immediate challenge that every organization faces is simply trying to understand exactly where you have …