Apache patches the Log4Shell library with fixes, new flaws, and attacks using the current flaws emerging. In the meantime, the Apache security and development teams have recently updated the library to the 2.17.0 version, fixing a string bug that causes denial-of-service. But there are still flaws to be fixed.
CONTI is exploiting Log4j to reach virtual machines
As the encryption completes, the only way to get the files back is by negotiating with the hackers
The researchers from the cyber security firm, AdvIntel, have shared the details of the attacks they have been observing. AdvIntel states that the flaws of Log4j are currently being targetted by the hackers from CONTI, the professional Russian hacker group. The group is known for its ransomware activities; encrypting the whole data of a system and then selling the decryption service to the companies.
The current activity of the group is exploiting the Log4j vulnerability to reach VMware vCenter Server instances and encrypt them. As the encryption process is complete, the data on the virtual machine is inaccessible. Victims must either negotiate with the hackers, paying them money to decrypt or say goodbye to all the data in the drive.
VMware has shared a list of affected products, consisting of 50 different products. The list can be seen here.
- Two new vulnerabilities are found on Log4j, only one of them is fixed yet
- CISA published an emergency directive for Log4j
- Google joining the war against Log4j exploits
- Hackers exploit Log4j to inject Monero miners, shifting from LDAP to RMI
- A third, new Apache Log4j vulnerability is discovered
- How to scan your server to detect Log4j (Log4Shell) vulnerability
- The Log4j flaw is patched but it is still vulnerable
- CISA published Log4j vulnerability guidance
- Zero-day Apache Log4j RCE vulnerability (Log4Shell) is being exploited