Log4j RCE activity began on December 1 as botnets start using vulnerability – ZDNet


Image: Kevin Beaumont

Exploitation of the nasty vulnerability in the Java logging library Apache Log4j that allowed unauthenticated remote code execution could have kicked off as early as December 1.

“Earliest evidence we’ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC,” Cloudflare CEO Matthew Prince said on Twitter.

“That suggests it was in the wild at least 9 days before publicly disclosed. However, don’t see evidence of mass exploitation until after public disclosure.”


Cisco Talos said in a blog post that it observed activity for the vulnerability known as CVE-2021-44228 from December 2, and those looking for indicators of compromise should extend their searches to at least that far back.

Thanks to the ubiquity of the impacted library, Talos said it was seeing a lead time between attackers doing mass scanning and callbacks occurring, which could be due to vulnerable but non-targeted systems, such as SIEMs and log collectors, being triggered by the exploit.

It added that the Mirai botnet was starting to use the vulnerability. Researchers at Netlab 360 said they had seen the Log4j vulnerability used to create Muhstik and Mirai botnets that went after Linux devices.

Over the weekend, vendors have been rushing to get patches out and document workarounds for affected products. The end results have been product matrices such as those from VMware and Cisco where some products have patches available, some have workarounds, and others remain vulnerable. Both vendors scored CVE-2021-44228 as a perfect 10.

The suggested workarounds typically either set the log4j2.formatMsgNoLookups flag to true, or remove the JndiLookup class from the classpath used by Java.

A Reddit post from NCC Group is being regularly updated, and shows how the exploit can be used to exfiltrate AWS secrets, as well as all manner of Java system properties.

One security researcher was able to trigger the exploit by going Little Bobby Tables on his iPhone name.

Sophos said it was seeing the vulnerability already being used by cryptominers.

On the more enjoyable front, a Minecraft mod developer was able to use the vulnerability to turn a Minecraft server into one that played Doom instead.

“For some context, this is an entirely vanilla client connecting to a modded server, which, through this exploit, is sending over and executing the code to run doom,” Gegy said.

Microsoft threat analyst Kevin Beaumont said defence in depth was “probably your best option”.

“To give a spoiler for Log4Shell, this is going to take weeks to play out to establish attack surface (it is large) and then maybe a month or more for patches to be made available,” he said.
