With nation-state actors testing and implementing the exploit and known ransomware-associated access brokers using it, we highly recommend applying security patches and updating affected products and services as soon as possible. The majority of attacks we have observed so far have been mass scanning, coin mining, establishing remote shells, and red-team activity, but it is highly likely that attackers will continue adding exploits for these vulnerabilities to their toolkits.

The remote code execution (RCE) vulnerabilities in Apache Log4j 2 referred to as “Log4Shell” (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) have presented a new attack vector and gained broad attention due to their severity and potential for widespread exploitation.

January update – Threat and vulnerability management can now discover vulnerable Log4j libraries, including Log4j files and other files containing Log4j, packaged into Uber-JAR files.

January update – We added new information about an unrelated vulnerability we discovered while investigating Log4j attacks.

Due to the many software products and services that are impacted, and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance. At this juncture, customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. Microsoft recommends that customers perform additional review of devices where vulnerable installations are discovered. Organizations may not realize their environments may already be compromised. We have observed many existing attackers adding exploits of these vulnerabilities to their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. In January, we started seeing attackers taking advantage of the vulnerabilities in internet-facing systems, eventually deploying ransomware.
There is high potential for the expanded use of the vulnerabilities. Sophisticated adversaries (such as nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. Microsoft has observed attackers using many of the same inventory techniques to locate targets. Customers are encouraged to use scripts and scanning tools to assess their risk and impact. Because Log4j is a component, the vulnerabilities affect not only applications that use vulnerable libraries, but also any services that use these applications, so customers may not readily know how widespread the issue is in their environment. This open-source component is widely used across many suppliers’ software and services.

January recap – The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe.
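To illustrate the inventory problem described above (Log4j bundled inside Uber-JAR files, and the recommendation to assess exposure with scripts and scanning tools), here is an added example that is not code from the original post or from Microsoft: a Python scanner that walks a JAR and every JAR nested inside it, reports each bundled log4j-core version, and records whether JndiLookup.class is still shipped. The Uber-JAR it scans is constructed in memory, and SAMPLE-VERSION is a placeholder rather than a real release number.

```python
import io
import re
import zipfile

# Entries that identify a bundled log4j-core inside any JAR-like container.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED_EXT = (".jar", ".war", ".ear", ".zip")


def scan_jar_bytes(data, path="<root>"):
    """Walk a JAR held in memory and every JAR nested inside it (Uber-JAR,
    shaded or fat JAR layouts); return one finding per log4j-core found."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container: nothing to inspect
    names = set(zf.namelist())
    if POM_PROPS in names:
        props = zf.read(POM_PROPS).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.M)
        findings.append({
            "path": path,
            "version": m.group(1).strip() if m else "unknown",
            # JndiLookup.class present means the JNDI lookup code path still
            # ships; removing that class is a widely used mitigation.
            "jndi_lookup": JNDI_CLASS in names,
        })
    for name in names:  # recurse into nested archives (Uber-JAR contents)
        if name.lower().endswith(NESTED_EXT):
            findings.extend(scan_jar_bytes(zf.read(name), f"{path}!/{name}"))
    return findings


def build_sample_uber_jar():
    """Constructed sample: an application Uber-JAR embedding a log4j-core JAR.
    SAMPLE-VERSION is a placeholder, not a real Log4j release number."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM_PROPS, "artifactId=log4j-core\nversion=SAMPLE-VERSION\n")
        z.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # fake class-file header
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
        z.writestr("lib/log4j-core.jar", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for f in scan_jar_bytes(build_sample_uber_jar(), "app.jar"):
        print(f"{f['path']}: log4j-core {f['version']}, JndiLookup={f['jndi_lookup']}")
```

The scanner produces inventory only; compare each reported version against the fixed-version table in the Apache advisories for the three CVEs above to decide whether a finding needs remediation.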