Log4J

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Aug 27, 2022 by iHash Leave a Comment

Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian … [Read more...] about Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

Mar 16, 2022 by iHash Leave a Comment

A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it B1txor20 "based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 … [Read more...] about New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

Logz.io Security Update: Log4j / Log4Shell Vulnerability Response

Feb 6, 2022 by iHash Leave a Comment

On December 9, a severe remote code vulnerability was revealed in Apache’s Log4J library, a Java-based logging tool widely used in applications around the world. This vulnerability allows an attacker who can control log messages to execute arbitrary code loaded from attacker-controlled servers – impacting a broad range of services and applications.Logz.io has been aware of the … [Read more...] about Logz.io Security Update: Log4j / Log4Shell Vulnerability Response

Log4J Does What?!!! | Logz.io

Jan 21, 2022 by iHash Leave a Comment

You have probably heard of Log4Shell, the security vulnerability that has ‘earned’ itself an NIST rank of 10:Source: https://nvd.nist.gov/vuln/detail/CVE-2021-44228In this post I will show a really basic example of how this vulnerability actually works. I will walk you through some basic usage of the Log4J library and then show how some fairly basic inputs into this library can … [Read more...] about Log4J Does What?!!! | Logz.io

Elastic Stack 6.8.23 released with Log4j update

Jan 17, 2022 by iHash Leave a Comment

Version 6.8.23 of the Elastic Stack was released today. We recommend you upgrade to this latest version.The 6.8.23 patch release contains an updated version of Log4j (2.17.1) for both Elasticsearch and Logstash.For a full list of changes for each product, please refer to the release notes:6.8.23 release notesElastic Stack Source link … [Read more...] about Elastic Stack 6.8.23 released with Log4j update

NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

Jan 8, 2022 by iHash Leave a Comment

The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker … [Read more...] about NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

Dec 29, 2021 by iHash Leave a Comment

The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a … [Read more...] about New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities

Dec 29, 2021 by iHash Leave a Comment

Cybersecurity agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries. "These vulnerabilities, especially Log4Shell, are severe," the intelligence agencies said in the new guidance. "Sophisticated … [Read more...] about CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities

China suspends deal with Alibaba for not sharing Log4j 0-day first with the government

Dec 23, 2021 by iHash Leave a Comment

China's internet regulator, the Ministry of Industry and Information Technology (MIIT), has temporarily suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months on account of the fact that it failed to promptly inform the government about a critical security vulnerability affecting the broadly used Log4j … [Read more...] about China suspends deal with Alibaba for not sharing Log4j 0-day first with the government

CrowdStrike Launches Free Targeted Log4j Search Tool

Dec 23, 2021 by iHash Leave a Comment

The recently discovered Log4j vulnerability has serious potential to expose organizations across the globe to a new wave of cybersecurity risks as threat actors look to exploit this latest vulnerability to execute their malicious payloads using remote code execution (RCE). An immediate challenge that every organization faces is simply trying to understand exactly where you have … [Read more...] about CrowdStrike Launches Free Targeted Log4j Search Tool

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54