Tag Archive for: Vulnerability

Computer security experts scramble to fix ‘vulnerability of the decade’


WASHINGTON — Criminals, cyber spies, and hackers around the world are launching thousands of attempts every hour to exploit a flaw in a widely used logging software as cybersecurity experts are scrambling to close the loophole and prevent catastrophic attacks.

In early December, a security researcher at Chinese online retailer Alibaba discovered and reported the software flaw in a widely used tool called log4j. The open-source tool is a Java-based library developed by Apache that software developers use to track activity within an application.

Every time anyone on the internet connects to a site, a cloud-service provider, or others, the company managing the site or the service captures data about the activity and stores it in a log. Hackers are now attempting to break into such logs and launch attacks.

“We have kind of what I call a threefold problem here,” said Steve Povolny, principal engineer and head of advanced threat research at McAfee Enterprise. “The simplicity of the attack, the ubiquity of vulnerable installed base, and the wide availability of exploit code really combine to make this … maybe the vulnerability of the decade.”

Although Apache has offered a patch to fix the flaw, companies and government agencies use many versions of the log4j tool and are trying to figure out which fix works with what version, Povolny said. But as of late last week, security researchers have identified that a fix known as version 2.16 “effectively solves the problem,” he said.

Nevertheless, as companies and government agencies around the world attempt to fix the problem there’s “no question that this has been and is going to continue to be further weaponized,” Povolny said.

The widespread vulnerability marks a bookend to a year notable for significant cyber and ransomware attacks. At the start of 2021 the world began to grapple with the consequences of a sophisticated Russian attack on SolarWinds, a software management company, which was discovered in December 2019. The attack exposed dozens of U.S. agencies and thousands of companies to potential exploitation by Russian intelligence services.

In the months since, ransomware attacks crippled pipeline operator Colonial Pipeline and…

Source…

Nation-state hackers are already exploiting the scary Log4j vulnerability


Security researchers recently stunned the world with the Log4Shell hack, revealing that the entire internet is scrambling to patch a vulnerability in a widely used Java utility that many companies employ in their servers. Also known as the Log4j hack, the security issue allows hackers to get into computer systems without a password. We saw the first proof of concept in Minecraft, where hackers used text messages to control a computer remotely.

Unlike other massive security breaches, the fix for Log4j isn’t simple, and end-users can’t do anything about it themselves. It’s up to companies to patch the vulnerability. And each provider of an internet product will have to ensure that Log4j attacks can’t breach their servers. Researchers have now discovered that nation-state hackers from China, Iran, and North Korea are already looking into exploiting the scary vulnerability.

Today’s Top Deals

Don’t Miss: Wednesday’s deals: $89 AirPods 2, Beckham pillows, $89 Philips Hue bundle, more

Unpatched Log4j servers would allow hackers to breach computer systems and perform all sorts of malicious activities. Security companies have said that hackers could steal information once inside a server system. They could install other programs remotely, with some attackers deploying crypto-mining tools via the Log4j vulnerability.

But nation-states could mount significantly larger campaigns, especially the kind of attackers that routinely appear in cybersecurity briefings. A new report in The Wall Street Journal mentions some of the countries that are looking to exploit Log4j.

Nation-state hackers targeting Log4j

The list includes China, Iran, North Korea, and Turkey. Surprisingly, Russia doesn’t appear in these early Log4j security reports.

The data doesn’t come from the US government, but rather private firms. Microsoft and Mandiant have already observed hacking groups that were previously linked to China and Iran targeting Log4j. Microsoft also identified nation-backed hackers from North Korea and Turkey.

The company said that some hackers are just experimenting with Log4j. Others are trying to break in.

One of the groups exploiting the new Java hack is the same China-backed team…

Source…

Identifying and Remediating the Critical Apache Log4j Cybersecurity Vulnerability | Polsinelli


On December 9th, 2021, a critical zero-day vulnerability, which has the potential of providing threat actors access to millions of computers worldwide, was discovered. Due to the critical nature of this vulnerability, and the risk that it poses to our clients, Polsinelli has partnered with Tracepoint to develop an overview of the issue, and provide you with a set of steps that your organization can take to identify if you are vulnerable and patch the vulnerability if you are.

Please see full Publication below for more information.

Source…

Log4j patch comes with a vulnerability that hackers can exploit


Just as we learned that nation-state hackers have started studying the Log4j vulnerability issue that shocked the cybersecurity world last week, other researchers signaled a disturbing development. The Log4j hack, also known as Log4Shell, already has a patch that companies can deploy. But it turns out that the fix has its own security issues that hackers can exploit. As a result, companies looking to safeguard their systems against Log4j attacks must deploy a new patch that fixes the previous fix.

As we explained in our previous coverage, the Log4j hack is incredibly dangerous. That’s because it impacts virtually every company offering internet services. The security vulnerability sits in a Java logging utility that’s widely used. Since its disclosure last Thursday, cybersecurity researchers have witnessed hundreds of thousands of attempts to exploit it. That includes attacks from nation-backed hackers who have significant resources at their disposal compared to most hackers.

As long as internet companies do not apply the existing Log4j patch to their systems, they’re at risk.

Hackers can use the Log4j hack to get into computer servers without a password. From there, they can install other malicious programs. These tools would let them steal information, conduct ransomware attacks, or mine for cryptocurrencies. According to the initial reports describing the security issues, someone used the vulnerability inside Minecraft. Microsoft quickly patched Minecraft and kept issuing updates about Log4j exploits in the wild.

The new Log4j patch vulnerability

Regular end-users can’t do anything to fix the Log4j hack themselves. It’s not as easy as updating the operating system or an app to the latest, most secure version. It’s internet companies that have to deploy the latest Log4j patch to secure servers.

But security researchers have already discovered that the Log4j 2.15.0 patch that the Apache Foundation released last week has at least two vulnerabilities that require fixing. Organizations that have installed Log4j 2.15.0 already should install version 2.16.0 as quickly as possible, the report says.

According to some researchers, the Log4j…

Source…