Log4j: “This is one of the worst vulnerabilities in the history of vulnerabilities” | Arstechnica

Updated 1 year ago

Cyber 4

ICY ROADS AHEAD
40% OF CORP NETWORKS UNDER ATTACK
THE LAST ONE OF THIS STATURE CAUSED THE EQUIFAX BREACH
LIKE COVID, THIS WILL BE WITH US FOR YEARS

TL;DR – The Java deserialization bug stems from Log4j making network requests through the JNDI to an LDAP server and executing any code that’s returned. The bug is triggered inside of log messages with use of the ${} syntax.

“This is a level 10, should scare the pants off everybody moment.”

Attackers are actively exploiting the issue, with Check Point Software reporting Monday afternoon that it was seeing a “pandemic-like spread” of attacks since last week, with more than 800,000 attempted attacks in 72 hours, and about 100 hacks a minute. Check Point said more than 40 percent of corporate networks worldwide were coming under attack.

“The issue can allow remote access to your computer through the servers you log into,” site representatives wrote. “That means any public server you go onto creates a risk of being hacked.”

Danger

log4j is like salt.
“If I asked you, ‘hey show me the salt you have in your house,’ you would probably walk up to the salt you have sitting on the table, maybe some you have hidden in the cabinet,” Cofrancesco said. “What you probably wouldn’t do is show me ‘hey, here’s my Panera sandwich, or here’s the soup I have, or here’s the juice I have, my powerade.’ All those other things have salt in it, it’s just obscured by the fact that there are a bunch of other ingredients. That is precisely what is going on here.”


https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/

https://thehill.com/policy/cybersecurity/585643-cyber-experts-express-growing-alarm-over-apache-vulnerability

Apache on Wikipedia

Napster 2023 40x40 Indigo Ico Bigger

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x