Log4j Vulnerability Information
<blockquote data-quote="MJ Shoer" data-source="post: 2495" data-attributes="member: 3">
<h3><span style="color: rgb(184, 49, 47)">Severity: High</span> <span style="color: rgb(0, 168, 133)">TLP: Green</span> Log4j Flaw: Now State-Backed Hackers Are Using Bugs as Part of Attacks, Warns Microsoft</h3>
<p><strong>Tags</strong></p>
<ol>
<li data-xf-list-type="ol"><strong>Critical CVE</strong></li>
<li data-xf-list-type="ol"><strong>Cybercriminal Attack</strong></li>
</ol>
<p><strong>Log4j Flaw: Now State-Backed Hackers Are Using Bugs as Part of Attacks, Warns Microsoft</strong></p>
<p><strong>Summary:</strong></p>
<p>“State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft.</p>
<p>As predicted by officials at the US Cybersecurity and Infrastructure Security Agency (CISA), more sophisticated attackers have now started exploiting the so-called Log4Shell bug (CVE-2021-44228), which affects devices and applications running vulnerable versions of the Log4j Java library. It's a potent flaw that allows remote attackers to take over a device after compromise.</p>
<p>CISA officials on Tuesday warned that hundreds of millions of enterprise and consumer devices are at risk until the bug is patched (<a href="https://www.zdnet.com/article/log4j-flaw-now-state-backed-hackers-are-using-bug-as-part-of-attacks-warns-microsoft/" target="_blank">ZDNet, 2021</a>).”</p>
<p><strong>Analyst Comments:</strong></p>
<p>Analysts from Microsoft observed scanning and post-exploitation activities: “Based on the nature of the vulnerability, once the attacker has full access and control of an application, they can perform a myriad of objectives. Microsoft has observed activities including installing coin miners, Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems (<a href="https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/" target="_blank">Microsoft, 2021</a>).”</p>
<p><strong>Mitigation:</strong></p>
<p>Actors will continue to exploit this vulnerability for extended periods of time. Apache released yet another update, 2.16; the previous patch, 2.15, was determined to be incomplete: "Apache has already released a patch, Log4j 2.16.0. The CVE says Log4j 2.16.0 fixes the problem by removing support for message lookup patterns and disabling JNDI functionality by default. It notes that the issue can be mitigated in prior releases by removing the JndiLookup class from the classpath" (<a href="https://isc.sans.edu/diary/rss/28134" target="_blank">ISC SANS, 2021</a>).</p>
<p><strong>Source:</strong></p>
<p><a href="https://isc.sans.edu/diary/rss/28134" target="_blank">https://isc.sans.edu/diary/rss/28134</a></p>
<p><a href="https://www.zdnet.com/article/log4j-flaw-now-state-backed-hackers-are-using-bug-as-part-of-attacks-warns-microsoft/" target="_blank">https://www.zdnet.com/article/log4j...using-bug-as-part-of-attacks-warns-microsoft/</a></p>
</blockquote>
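A defender-side check for the mitigation the quoted post describes (log4j-core at 2.16.0 or later, or the JndiLookup class removed from the classpath). This is an added Python example, not code from the post, Apache or Microsoft: it inspects a JAR, including JARs nested inside it, for the JndiLookup class and the bundled log4j-core version, and builds a constructed sample JAR so it runs offline. The class path and the Maven pom.properties path are the standard ones for log4j-core; the 2.16.0 threshold is the one the post cites.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_VERSION = (2, 16, 0)  # release the post cites as disabling JNDI by default


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.12.1-rc1' -> (2, 12, 1); missing parts become 0."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts + [0] * (3 - len(parts)))


def inspect_jar(data):
    """Report whether JndiLookup.class is present and which log4j-core version is
    bundled, recursing into nested .jar entries (Spring Boot / uber JARs).
    Flagged vulnerable when the class is present and the version is unknown or
    older than 2.16.0; a JAR with the class removed is not flagged."""
    result = {"has_jndi_lookup": False, "version": None}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name == JNDI_CLASS:
                result["has_jndi_lookup"] = True
            elif name == POM_PROPS:
                for line in zf.read(name).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        result["version"] = line.split("=", 1)[1].strip()
            elif name.lower().endswith(".jar"):
                nested = inspect_jar(zf.read(name))  # recurse into bundled JARs
                result["has_jndi_lookup"] |= nested["has_jndi_lookup"]
                result["version"] = result["version"] or nested["version"]
    ver = result["version"]
    result["vulnerable"] = result["has_jndi_lookup"] and (ver is None or parse_version(ver) < FIXED_VERSION)
    return result


def build_sample_jar(version, include_jndi=True, nest_as=None):
    """Constructed sample JAR (placeholder bytes, no real bytecode) for offline testing;
    with nest_as set, it is wrapped inside an outer JAR under that entry name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"placeholder, not real class bytes")
    if nest_as is None:
        return buf.getvalue()
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr(nest_as, buf.getvalue())
    return outer.getvalue()
```

To scan real files, pass `open(path, "rb").read()` to `inspect_jar`; a hit means either upgrade the dependency or apply the class removal the post quotes.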