The Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity leaders from the US, Canada, New Zealand, Australia, the UK, and the FBI and NSA have published new informational guidance. Their first guidance about Log4j and its mitigations was shared one week ago. In the week since, a lot of new information and patches have appeared.
Vulnerable versions are still being downloaded
The organization stated that attackers originating from North Korea, Iran, Turkey, and China, alongside some ransomware groups and cybercriminal organizations, are actively scanning for and exploiting the Log4j vulnerabilities.
The cybersecurity firm Sonatype also shared an infographic showing that the current download rate of the flawed versions of Log4j is still 45%. At the moment, the download rate of the latest and safest Log4j version, 2.17.0, is only about 30%.
Rob Joyce, cybersecurity director of the NSA, said:
"Start with internet exposed assets, but mitigate and update everything. Monitor and follow up. Malicious actors have been observed patching software they compromise to help retain control of the assets"
CISA has also announced that the Log4j vulnerabilities are now included in the Hack DHS bug bounty program. The program was originally announced on December 14th by the Department of Homeland Security to identify flaws in its systems. With the recent chaos, Log4j was immediately added to the program.
In response to the recently discovered log4j vulnerabilities, @DHSgov is expanding the scope of our new #HackDHS bug bounty program and including additional incentives to find and patch log4j-related vulnerabilities in our systems.
— Secretary Alejandro Mayorkas (@SecMayorkas) December 21, 2021