In Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1), the JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From Log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Vulnerable Product |
---|
apache log4j 2.0 |
apache log4j |
siemens sppa-t3000 ses3000 firmware |
siemens logo! soft comfort |
siemens spectrum power 4 4.70 |
siemens spectrum power 4 |
siemens siveillance control pro |
siemens energyip prepay 3.7 |
siemens energyip prepay 3.8 |
siemens siveillance identity 1.6 |
siemens siveillance identity 1.5 |
siemens siveillance command |
siemens sipass integrated 2.85 |
siemens sipass integrated 2.80 |
siemens head-end system universal device integration system |
siemens gma-manager |
siemens energyip 8.5 |
siemens energyip 8.6 |
siemens energyip 8.7 |
siemens energyip 9.0 |
siemens energy engage 3.1 |
siemens e-car operation center |
siemens desigo cc info center 5.0 |
siemens desigo cc info center 5.1 |
siemens desigo cc advanced reports 4.1 |
siemens desigo cc advanced reports 4.2 |
siemens desigo cc advanced reports 5.0 |
siemens desigo cc advanced reports 5.1 |
siemens desigo cc advanced reports 4.0 |
siemens comos |
siemens capital 2019.1 |
siemens navigator |
siemens xpedition package integrator |
siemens xpedition enterprise |
siemens vesys 2019.1 |
siemens vesys |
siemens teamcenter |
siemens spectrum power 7 2.30 |
siemens spectrum power 7 |
siemens solid edge harness design 2020 |
siemens solid edge harness design |
siemens solid edge cam pro |
siemens siveillance viewpoint |
siemens siveillance vantage |
siemens siguard dsa 4.3 |
siemens siguard dsa 4.4 |
siemens siguard dsa 4.2 |
siemens sentron powermanager 4.2 |
siemens sentron powermanager 4.1 |
siemens operation scheduler |
siemens nx |
siemens opcenter intelligence |
siemens mindsphere |
siemens mendix |
siemens industrial edge management hub |
siemens industrial edge management |
siemens capital |
intel audio development kit |
intel system debugger |
intel secure device onboard |
intel oneapi sample browser |
intel sensor solution firmware development kit |
intel computer vision annotation tool |
intel genomics kernel library |
intel system studio |
intel data center manager |
debian debian linux 9.0 |
debian debian linux 10.0 |
debian debian linux 11.0 |
fedoraproject fedora 34 |
fedoraproject fedora 35 |
sonicwall email security |
netapp oncommand insight |
netapp cloud insights |
netapp active iq unified manager |
netapp cloud manager |
netapp cloud secure agent |
netapp ontap tools |
netapp snapcenter |
cisco unified communications manager im and presence service 11.5(1) |
cisco unified customer voice portal 11.6 |
cisco webex meetings server |
cisco packaged contact center enterprise 11.6(1) |
cisco webex meetings server 3.0 |
cisco identity services engine |
cisco data center network manager |
cisco webex meetings server 4.0 |
cisco unified contact center express |
cisco data center network manager 11.3(1) |
cisco identity services engine 2.4.0 |
cisco finesse |
cisco finesse 12.6(1) |
cisco nexus dashboard |
cisco network services orchestrator |
cisco iot operations dashboard |
cisco intersight virtual appliance |
cisco evolved programmable network manager |
cisco dna spaces connector |
cisco cyber vision sensor management extension |
cisco crosswork zero touch provisioning |
cisco crosswork zero touch provisioning 3.0.0 |
cisco crosswork platform infrastructure |
cisco crosswork platform infrastructure 4.1.0 |
cisco crosswork optimization engine |
cisco crosswork optimization engine 3.0.0 |
cisco crosswork network controller 3.0.0 |
cisco crosswork network controller |
cisco crosswork data gateway 3.0.0 |
cisco crosswork data gateway |
cisco common services platform collector |
cisco cloudcenter |
cisco cloudcenter workload manager |
cisco cloudcenter suite admin |
cisco cloudcenter cost optimizer |
cisco business process automation |
cisco automated subsea tuning |
cisco nexus insights |
cisco advanced malware protection virtual private cloud appliance |
cisco customer experience cloud agent |
cisco workload optimization manager |
cisco ucs central |
cisco ucs director |
cisco sd-wan vmanage |
cisco optical network controller |
cisco fog director |
cisco dna center |
cisco integrated management controller supervisor |
cisco wan automation engine |
cisco virtualized infrastructure manager |
cisco network assurance engine |
cisco virtual topology system |
cisco smart phy |
cisco prime service catalog |
cisco connected mobile experiences |
cisco video surveillance operations manager |
cisco unity connection |
cisco virtualized voice browser |
cisco unified workforce optimization |
cisco unified sip proxy |
cisco unified intelligence center |
cisco unified customer voice portal |
cisco unified customer voice portal 12.0 |
cisco unified customer voice portal 12.5 |
cisco unified contact center enterprise |
cisco unified contact center enterprise 11.6(2) |
cisco unified communications manager im and presence service |
cisco unified communications manager |
cisco unified communications manager 11.5(1)su3 |
cisco unified communications manager 11.5(1) |
cisco paging server |
cisco packaged contact center enterprise |
cisco enterprise chat and email |
cisco emergency responder |
cisco contact center management portal |
cisco contact center domain manager |
cisco cloud connect |
cisco broadworks |
cisco fxos 6.2.3 |
cisco fxos 6.3.0 |
cisco fxos 6.4.0 |
cisco fxos 6.5.0 |
cisco fxos 6.6.0 |
cisco fxos 6.7.0 |
cisco fxos 7.0.0 |
cisco fxos 7.1.0 |
cisco prime service catalog 12.1 |
cisco firepower threat defense 6.2.3 |
cisco firepower threat defense 6.4.0 |
cisco firepower threat defense 6.3.0 |
cisco unity connection 11.5 |
cisco firepower threat defense 6.5.0 |
cisco firepower threat defense 6.6.0 |
cisco sd-wan vmanage 20.3 |
cisco sd-wan vmanage 20.6 |
cisco sd-wan vmanage 20.5 |
cisco cyber vision sensor management extension 4.0.2 |
cisco unified sip proxy 010.002(001) |
cisco unified sip proxy 010.002(000) |
cisco unified sip proxy 010.000(001) |
cisco unified sip proxy 010.000(000) |
cisco unified intelligence center 12.6(2) |
cisco unified intelligence center 12.6(1) |
cisco unified customer voice portal 12.6(1) |
cisco unified customer voice portal 12.5(1) |
cisco unified customer voice portal 12.0(1) |
cisco unified customer voice portal 11.6(1) |
cisco unified contact center express 12.5(1) |
cisco unified communications manager im & presence service 11.5(1.22900.6) |
cisco unified communications manager im & presence service 11.5(1) |
cisco unified communications manager 11.5(1.22900.28) |
cisco unified communications manager 11.5(1.21900.40) |
cisco unified communications manager 11.5(1.18900.97) |
cisco unified communications manager 11.5(1.18119.2) |
cisco unified communications manager 11.5(1.17900.52) |
cisco paging server 9.1(1) |
cisco paging server 9.0(2) |
cisco paging server 9.0(1) |
cisco paging server 8.5(1) |
cisco paging server 8.4(1) |
cisco paging server 8.3(1) |
cisco paging server 14.0(1) |
cisco paging server 12.5(2) |
cisco unified contact center enterprise 12.6(2) |
cisco unified contact center enterprise 12.6(1) |
cisco unified contact center enterprise 12.5(1) |
cisco unified contact center enterprise 12.0(1) |
cisco finesse 12.5(1) |
cisco enterprise chat and email 12.6(1) |
cisco enterprise chat and email 12.5(1) |
cisco enterprise chat and email 12.0(1) |
cisco emergency responder 11.5(4.66000.14) |
cisco emergency responder 11.5(4.65000.14) |
cisco emergency responder 11.5 |
cisco unified contact center management portal 12.6(1) |
cisco unified contact center express 12.6(2) |
cisco unified contact center express 12.6(1) |
cisco unified computing system 006.008(001.000) |
cisco ucs central software 2.0(1l) |
cisco ucs central software 2.0(1k) |
cisco ucs central software 2.0(1h) |
cisco ucs central software 2.0(1g) |
cisco ucs central software 2.0(1f) |
cisco ucs central software 2.0(1e) |
cisco ucs central software 2.0(1d) |
cisco ucs central software 2.0(1c) |
cisco ucs central software 2.0(1b) |
cisco ucs central software 2.0(1a) |
cisco ucs central software 2.0 |
cisco integrated management controller supervisor 2.3.2.0 |
cisco integrated management controller supervisor 002.003(002.000) |
cisco sd-wan vmanage 20.6.1 |
cisco sd-wan vmanage 20.8 |
cisco sd-wan vmanage 20.7 |
cisco sd-wan vmanage 20.4 |
cisco optical network controller 1.1 |
cisco network assurance engine 6.0(2.1912) |
cisco dna center 2.2.2.8 |
cisco wan automation engine 7.6 |
cisco wan automation engine 7.5 |
cisco wan automation engine 7.4 |
cisco wan automation engine 7.3 |
cisco wan automation engine 7.2.3 |
cisco wan automation engine 7.2.2 |
cisco wan automation engine 7.2.1 |
cisco wan automation engine 7.1.3 |
cisco virtual topology system 2.6.6 |
cisco smart phy 3.2.1 |
cisco smart phy 3.1.5 |
cisco smart phy 3.1.4 |
cisco smart phy 3.1.3 |
cisco smart phy 3.1.2 |
cisco smart phy 21.3 |
cisco intersight virtual appliance 1.0.9-343 |
cisco evolved programmable network manager 5.1 |
cisco evolved programmable network manager 5.0 |
cisco evolved programmable network manager 4.1 |
cisco evolved programmable network manager 4.0 |
cisco evolved programmable network manager 3.1 |
cisco evolved programmable network manager 3.0 |
cisco network dashboard fabric controller 11.5(3) |
cisco network dashboard fabric controller 11.5(2) |
cisco network dashboard fabric controller 11.5(1) |
cisco network dashboard fabric controller 11.4(1) |
cisco network dashboard fabric controller 11.3(1) |
cisco network dashboard fabric controller 11.2(1) |
cisco network dashboard fabric controller 11.1(1) |
cisco network dashboard fabric controller 11.0(1) |
cisco video surveillance manager 7.14(4.018) |
cisco video surveillance manager 7.14(3.025) |
cisco video surveillance manager 7.14(2.26) |
cisco video surveillance manager 7.14(1.26) |
cisco unified workforce optimization 11.5(1) |
cisco unity connection 11.5(1.10000.6) |
cisco cloudcenter suite 5.3(0) |
cisco cloudcenter suite 5.5(0) |
cisco cloudcenter suite 5.4(1) |
cisco automated subsea tuning 02.01.00 |
cisco identity services engine 003.002(000.116) |
cisco identity services engine 003.001(000.518) |
cisco identity services engine 003.000(000.458) |
cisco identity services engine 002.007(000.356) |
cisco identity services engine 002.006(000.156) |
cisco identity services engine 002.004(000.914) |
cisco firepower threat defense 7.1.0 |
cisco firepower threat defense 7.0.0 |
cisco firepower threat defense 6.7.0 |
cisco network insights for data center 6.0(2.1914) |
cisco cx cloud agent 001.012 |
cisco mobility services engine |
cisco cloudcenter suite 5.5(1) |
cisco cloudcenter suite 4.10(0.15) |
cisco dna spaces |
cisco cyber vision 4.0.2 |
cisco connected analytics for network deployment 7.3 |
cisco connected analytics for network deployment 008.000.000.000.004 |
cisco connected analytics for network deployment 008.000.000 |
cisco connected analytics for network deployment 007.003.003 |
cisco connected analytics for network deployment 007.003.001.001 |
cisco connected analytics for network deployment 007.003.000 |
cisco connected analytics for network deployment 007.002.000 |
cisco connected analytics for network deployment 007.001.000 |
cisco connected analytics for network deployment 007.000.001 |
cisco connected analytics for network deployment 006.005.000.000 |
cisco connected analytics for network deployment 006.005.000. |
cisco connected analytics for network deployment 006.004.000.003 |
cisco crosswork network automation 4.1.1 |
cisco crosswork network automation 4.1.0 |
cisco crosswork network automation |
cisco crosswork network automation 3.0.0 |
cisco crosswork network automation 2.0.0 |
cisco common services platform collector 002.010(000.000) |
cisco common services platform collector 002.009(001.002) |
cisco common services platform collector 002.009(001.001) |
cisco common services platform collector 002.009(001.000) |
cisco common services platform collector 002.009(000.002) |
cisco common services platform collector 002.009(000.001) |
cisco common services platform collector 002.009(000.000) |
snowsoftware vm access proxy |
snowsoftware snow commander |
bentley synchro 4d |
bentley synchro |
percussion rhythmyx |
Log4j Vulnerabilities: Attack Insights (Symantec Threat Intelligence, posted 23 Dec 2021, 4 min read). Symantec data shows variation and scope of attacks. Apache Log4j is a Java-based logging utility. The library’s main role is to log information related to security and performance to make error debugging easier and to enable applications to run smoothly. The library is part of the Apache Logging Services, a project of the A...
Apache Log4j Zero-Day Being Exploited in the Wild (Symantec Threat Intelligence, posted 11 Dec 2021, 1 min read). Symantec products will protect against attempted exploits of the critical CVE-2021-44228 vulnerability. A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j which, if exploited, could permit a remote attacker to execute arbitrary code on vulnerable systems. Exploit code for this vulnerability, ...
Budworm: Espionage Group Returns to Targeting U.S. Organizations (Symantec Threat Intelligence, posted 13 Oct 2022, 5 min read). Recent attacks by the group have spanned continents and include the first confirmed attacks seen against the U.S. in a number of years. The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a mul...
Ransomware: How Attackers are Breaching Corporate Networks (Symantec Threat Intelligence, posted 28 Apr 2022, 8 min read). Latest tools, tactics, and procedures being used by the Hive, Conti, and AvosLocker ransomware operations. Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most freq...
Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets (Symantec Threat Intelligence, posted 27 Apr 2022, 5 min read). The espionage group focuses on obtaining classified or sensitive intellectual property that has civilian and military applications. The North Korean-linked Stonefly group is continuing to mount espionage attacks against highly specialized engineering companies with a likely goal of obtaining sensitive...
The Threat Landscape in 2021 (Symantec Threat Intelligence, posted 19 Jan 2022, 6 min read). Symantec takes a look at the cyber security trends that shaped the year. From the evolving ransomware ecosystem to attacks against critical infrastructure, Symantec looks back over the cyber-security trends that shaped 2021. A new whitepaper from Symantec, a division of Broadcom Software, takes a look back at some of the major thre...
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: according to Kaspersky Security Network, in Q3 2023, Kaspersky solutions blocked 694,400,301 attacks from online resources across the globe. A total of 169,194,807 unique links were recognized as malicious by Web Anti-Virus components. Attempts to run malware for stealing money from online bank accounts were stopped on the com...
IT threat evolution in Q2 2023. Non-mobile statistics (Kaspersky; companion reports: "IT threat evolution in Q2 2023" and "IT threat evolution in Q2 2023. Mobile statistics"). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: according to Kaspersky Security Network, in Q2 2023, Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe. A total of 209,716,810 unique links were detected by Web ...
IT threat evolution in Q1 2023. Non-mobile statistics (Kaspersky; companion reports: "IT threat evolution in Q1 2023" and "IT threat evolution in Q1 2023. Mobile statistics"). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: according to Kaspersky Security Network, in Q1 2023, Kaspersky solutions blocked 865,071,227 attacks launched from online resources across the globe. Web Anti-Virus detected 246,912,694 unique URLs ...
IT threat evolution in Q3 2022. Non-mobile statistics (Kaspersky; companion reports: "IT threat evolution in Q3 2022" and "IT threat evolution in Q3 2022. Mobile statistics"). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: according to Kaspersky Security Network, in Q3 2022, Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...
IT threat evolution in Q2 2022. Non-mobile statistics (Kaspersky; companion reports: "IT threat evolution in Q2 2022" and "IT threat evolution in Q2 2022. Mobile statistics"). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: according to Kaspersky Security Network, in Q2 2022, Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. Web Anti-Virus recognized 273,033,368 unique URLs as ma...
It's not as though folks haven't been warned about this
There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository. That company, Sonatype, said it had seen four million downloads of exploitable Log4j versions from the repository alone between 10 December and the present day, out of a total of more than 10 million downloads over those past four weeks. Tracked as CVE-2021-44228 aka L...
Apply fixes responsibly in a timely manner or face the wrath of Lina Khan
The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else. In case any system administrators last month somehow missed the widespread alarm over vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) in the Java logging package, the trade watchdog said Log4j continues to be exploited by a growing number of attackers and urged organizations to act now before it's too late. The FTC is advising companies to consult the US Cy...
Third major fix in ten days is an infinite recursion flaw rated 7.5/10
The Apache Software Foundation (ASF) has revealed a third bug in its Java-based open-source logging library Log4j. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j. That’s the third new version of the tool in the last ten days. In case you haven’t been paying attention, version 2.15.0 was created to fix CVE-2021-44228, the critical-rated and trivial-to-exploit remote code execution f...
Federal agencies have a week to get their systems patched
The US government's Cybersecurity and Infrastructure Security Agency (CISA) on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021. Log4j is a Java-based open source logging library used in millions of applications. Versions up to and including 2.14.1 contain a critical remote code execution flaw (CVE-2021-44228), and the fix incorporated into version 2.15, released a wee...
Microsoft says cyber-spies linked to Beijing, Tehran are getting busy with security flaw along with world + dog
Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole. Up until now, it was largely accepted that mere private miscreants, criminal gangs, and security researchers were mostly scanning the internet for systems and services vulnerable to CVE-2021-44228 in the open-source logging library widely used by Java applications. Network observers say they've seen tens of thousands of attempts per minute. Successful...
Private equity owners play pass the parcel
One of the biggest beasts in the password management world, LastPass, is being spun out from parent LogMeIn as a "standalone cloud security" organisation. "The success we've seen across the entire LogMeIn portfolio over the last 18 months proves there is a vast growth opportunity ahead for both LastPass and LogMeIn," said Andrew Kowal, a partner at Francisco Partners. Francisco Partners, a private equity business, bought the bundle of remote access, collab and password manager tools – which a...
Now open-source logging library's JNDI disabled entirely by default, message lookups removed
Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality – JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and removes ...
This might be the bug that deserves the website, logo and book deal
Miscreants are wasting no time in using the widespread Log4j vulnerability to compromise systems, with waves and waves of live exploit attempts focused mainly – for now – on turning infected devices into cryptocurrency-mining botnet drones. Israel's Check Point said this morning it was seeing around 100 exploit attempts every minute, going into further detail in a blog post. Apache Log4j is an open-source logging utility written in Java that is used all over the world in many software packag...
Prepare to have a very busy weekend of mitigating and patching
An unauthenticated remote code execution vulnerability in Apache's Log4j Java-based logging tool is being actively exploited, researchers have warned after it was used to execute code on Minecraft servers. Infosec firm Randori summarised the vuln in a blog post, saying: "Effectively, any scenario that allows a remote connection to supply arbitrary data that is written to log files by an application utilizing the Log4j library is susceptible to exploitation." Crafted proof-of-concept code snippet...
Latest offensive cyber group to switch to atypical programming for payloads
Research into Lazarus Group's attacks using Log4Shell has revealed novel malware strains written in an atypical programming language. DLang is among the newer breed of memory-safe languages being endorsed by Western security agencies over the past few years, the same type of language that cyber criminals are switching to. At least three new DLang-based malware strains have been used in attacks on worldwide organizations spanning the manufacturing, agriculture, and physical security industries, C...
Here’s how Wiz can help
Sponsored Feature. When software vulnerabilities and zero days moved up the enterprise worry list 15 years ago, nobody imagined the world would one day end up with a threat as perplexing as Log4Shell – a vulnerability in the Apache Log4j open source logging framework that's used in software on all major operating systems spanning everything from cloud services to PC games. In what might be called the happier days of the past, flaws were something that affected single applications and individual...
Miscreants deployed cryptominers, backdoors since late December, Sophos says
VMware's Horizon virtualization platform has become an ongoing target of attackers exploiting the high-profile Log4j flaw to install backdoors and cryptomining malware. In a report this week, cybersecurity firm Sophos wrote that VMware's virtual desktop and applications platform has been in the crosshairs since late December, with the largest wave of attacks beginning Jan. 19 and continuing well into March. Many of the attacks are designed to deploy cryptocurrency mining malware, Sophos research...
Malicious cyber actors go after 2021's biggest misses, spend less time on the classics
Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021, according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies. It's worth noting that 11 of the 15 flaws on the list were disclosed in 2021, as previous years' lists often found miscreants exploiting the older vulns for which patches had been available for years. Of course, the US Cyb...
As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections
Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang. The group's affiliates remain a global scourge, costing US victims alone more than $90 million from roughly 1,700 attacks since 2020, we're told. The joint security advisory — issued by the US Cybersecurity and Infrastructure Security Agency (CISA), FBI, Multi-State Information Sharing and Analysis Center (MS-ISAC), and cybersecurity authorities in Australia, Canada, the UK, Ge...
Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs
The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. The other two placed on the list this week involve versions of Oracle's WebLogic Server software and the Apache Foundation's Log4j Java logging library. The command-injection flaw in TP-Link's Archer AX21 Wi-Fi 6 routers – tracked as CV...
Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad
In Brief. Triton malware remains a threat to the global energy sector, according to an FBI warning. Triton is the software nasty used in a 2017 cyber attack carried out by a Russian government-backed research institution against a Middle East petrochemical facility. The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control crit...