The Log4j flaws keep on being a huge headache for IT security employees. We have shared the details of the first emerge of the Log4j flaws with its mitigation guidance. Then a second flaw appeared and showed that the fix was not enough to completely secure the library; the Log4Shell version was updated to 2.16.0 with removing message lookout support and disabling JNDI. But Log4j still seems to be vulnerable.
The security experts from Praetorian, a cybersecurity company, warned of another weakness that appears on the Log4j 2.15.0. The weakness is said to be able to allow for infiltration of sensitive data in certain circumstances. No additional technical information was shared about the new flaw, so it is not clear if it persists on the just-released Log4j 2.16.0 patch. Praetorian has shared a video of the exfiltration process of sensitive data on 2.15.0.
Another security firm, Check Point, has said that over 1.8 million attempts have been done to exploit the Log4j vulnerabilities. Microsoft Threat Intelligence Center has also shared their observation about the exploitations. Access brokers leverage the Log4j vulnerability to get initial access to target networks. Then, they are sold to other ransomware affiliates. The flaws also left the door open for the cryptocurrency miners, remote access trojans, botnets, and web shells.
- Two new vulnerabilities are found on Log4j, only one of them is fixed yet
- CISA published an emergency directive for Log4j
- Google joining the war against Log4j exploits
- Hackers exploit Log4j to inject Monero miners, shifting from LDAP to RMI
- How to scan your server to detect Log4j (Log4Shell) vulnerability
- The Log4j flaw is patched but it is still vulnerable
- CISA published Log4j vulnerability guidance
- Zero-day Apache Log4j RCE vulnerability (Log4Shell) is being exploited