Log4j vulnerabilities pile up as companies scramble to patch


The massive crisis triggered by log4j isn’t over yet. Over the past week, new vulnerabilities have been discovered in the unfortunate Apache logging library (whose ubiquitous vulnerability is called “Log4Shell” in the infosec world) but, according to experts, there is absolutely no need to panic. Here’s a quick look at the latest developments and how security professionals are responding.

New vulnerabilities

Software patching is not always a very straightforward process, and nowhere is this more evident than in the log4j fiasco. Over the past week, Apache released several patches, but with each successive patch, additional problems arose.

On Friday, Apache released its third patch, version 2.17.0, with the aim of fixing a newly discovered vulnerability that would have allowed denial-of-service attacks (this new flaw is being officially tracked as CVE-2021-45105).

The previous patch, 2.16.0, was released after 2.15.0, the original patch, failed to mitigate a remote attack vulnerability that, in some cases, could have allowed data theft. In other words, the patch that was supposed to fix the original vulnerability had its own vulnerabilities, and the patch to fix that patch also had problems. Good stuff.

All that said, these new security flaws aren’t as severe as the original and shouldn’t be something to lose a lot of sleep over, according to some experts.

It is the original vulnerability, CVE-2021-44228, that, if left unpatched, is still the stuff of cybersecurity nightmares.

Is there a Log4j worm?

Another colorful episode in this story was a recent discussion among security professionals about whether log4j had given birth to a worm or not.

On Sunday, security researcher German Fernandez claimed he had spotted a worm (a self-spreading piece of malware) affecting devices that had not patched the log4j vulnerability. VX Underground, a large online repository of malware samples and related academic material, shared the researcher’s findings: “The security researcher @1ZRR4H has identified the first Log4J worm. It is a self-propagating Mirai bot. We have compiled the sample,” VX’s account tweeted. Greg Linares, another security researcher, said it looked as if the malware was mainly targeting unpatched Huawei routers.

However, other experts quickly threw cold water on some of these claims, pointing out that the program does not appear to do all of this and may not technically qualify as a worm. “I’ve reverse-engineered this supposed log4j worm and it doesn’t work at all,” tweeted Marcus Hutchins, a prominent researcher in the field of cybersecurity. “There are also many bugs in the code which means that even if they fix the basic failure, it will still be completely ineffective.”

Security experts have likewise argued about how dangerous a worm would be in the context of log4j. Tom Kellermann, head of cybersecurity strategy at VMware, recently told ZDNet that the worm could be “weaponised” by a hostile foreign power or intelligence service, and that the end result could be very bad.

Attempts to exploit continue to multiply

Meanwhile, exploits targeting log4j continue to reveal new attack strategies.

On Monday, the Belgian Ministry of Defense revealed that it was forced to shut down parts of its network after a group of hackers exploited log4j to gain access to its systems. Although not much has been revealed about the incident, it is one of the most visible examples to date of the Apache bug being used to cause harm in the real world. It certainly won’t be the last.

Indeed, recent reports show financially motivated crime groups joining the fray, including those behind banking Trojans. Additionally, ransomware gangs, nation-state cyber espionage activity, and crypto mining have all been observed. Initial access brokers (cybercriminals who hack into devices and computer networks with the intent to turn around and sell this access to other criminals, mostly ransomware hackers) are looting vulnerable log4j systems. Microsoft’s security team published research last week showing that “multiple tracked activity groups that act as access intermediaries have started using the vulnerability for initial access to targeted networks.”

In short: the fun continues! We will continue to track the broader developments of this entire crisis as it unfolds.
