Security teams across the globe are scrambling to solve a dangerous new zero-day vulnerability in the popular Apache logging system that is now widely exploited.
Log4Shell attacks began two weeks ago, Cisco and Cloudflare say – The Record by Recorded Future.
Dubbed “Log4Shell,” the bug was found in the Java-based logging product Log4j and could lead to remote simple code execution, allowing attackers to deploy malware on a target server.
The exploit is dangerous for two reasons: Log4j is used by applications and platforms found on the internet, including Minecraft, Apple iCloud, Tesla, Cloudflare, and Elasticsearch. Second, it is relatively easy to exploit, by forcing a vulnerable application to log a specific string of characters.
That can be done in many different ways as the application records many different types of events. According to a researcher, Minecraft servers are exploited simply by typing a short message into the chat box.
Sophos has posted a detailed write-up about this vulnerability: CVE-2021-44228.
The impact of this discovery could dominate the work of cybersecurity experts in the coming weeks.
According to Sophos senior threat researcher Sean Gallagher, Log4Shell has been exploited to install cryptocurrency miners, expose AWS keys, and install remote access tools including Cobalt Strike in victim environments. core.
“Log4Shell is a library used by many products. As a result, it can be present in the darkest corners of an organization’s infrastructure, such as any software developed in-house. Finding all vulnerable systems for Log4Shell should be a priority for IT security,” he added.
“Sophos expects the rate at which attackers are exploiting and using vulnerabilities to only intensify and diversify in the coming days and weeks. Once an attacker has secure access to the network, any infection can occur. Therefore, along with the software update that has been released by Apache in Log4j 2.15.0, IT security teams need to scrutinize network activity to detect and remove any traces of intruders. import”
Check Point claims to have blocked 400,000 attacks for customers from late Friday through Sunday.
Bugcrowd founder Casey Ellis described the incident as “a worst-case scenario.”
“The combination of Log4j’s widespread use in software and platforms, the many available avenues to exploit the vulnerability, and the dependencies will make it difficult to patch this vulnerability without breaking the system. so it’s difficult. This is going to be a long weekend for a lot of people,” he added.
Source: Infosecurity-magazine.com
Vina Aspire is a consulting company, providing IT solutions and services, network security, information security & safety in Vietnam. Vina Aspire’s team includes skilled, qualified, experienced and reputable experts and collaborators, along with major domestic and foreign investors and partners to join hands in building.
Businesses and organizations wishing to contact Vina Aspire Company with the following information:
Email: info@vina-aspire.com | Website: www.vina-aspire.com
Tel: +84 944 004 666 | Fax: +84 28 3535 0668
Vina Aspire – Vững bảo mật, trọn niềm tin
