The Dangers of Log4j Accumulate As Companies Push Patch

The biggest problem that started with log4j is still not over, not even close. Last week, new weaknesses were discovered in the unfortunate Apache library (called “Log4Shell” in the infosec world) but, according to experts, there is no reason to panic. Take a quick look at what has happened recently and how security experts are responding.

New Updates

Patching — the process by which companies develop and reproduce software to reduce security threats—not always a very straightforward plan, and nowhere has this been more noticeable than in the log4j fiasco. Last week, Apache released several patches, but with each successive patch, additional problems are added.

On Friday, Apache released its third installment, Type 2.17.0, aimed at creating a new threat that would allow for threats to the Denial of Service (the new offense is legally enforceable as CVE-2021-45105).

Old section, 2.16.0, was later released 2.15.0-ndi first patch – could not reduce the remote attack which, in some cases, would allow data theft. In other words, the patch that is supposed to fix the initial risk it was his his risk is a patch-fix that patch also had problems. Good stuff.

All that has been said, these new safety bugs are not as dangerous as the original ones and should not be too sleepy, according to some experts.

It is an initial threat, CVE-2021-44228, which — if left unchecked — is still a nightmare for cybersecurity.

Is There a Log4j Worm?

Another interesting article in this regard was recent debate among security experts whether log4j produced worms or not.

On Sunday, security investigator Germán Fernandez said he was he saw a worm-a malicious, self-propelled software – that affects devices that were not yet at risk of log4j risk. VX Underground, a major online site for examples of malware and other related studies, shared the researchers’ findings: “A security investigator. @ 1ZRR4H has detected the first worm of Log4J. It is a Mirai bot self-publishing. We’ve added examples, “VX account tweeted. Greg Linares, another security investigator, the date appeared as if the malware is targeting mainly Huawei routers that have not been shipped.

However, some experts are quick to throw cold water on some of these products—to point that the program did not appear to be working and may not be eligible for worms. “I’ve changed the ones that say log4j worms and they don’t work at all,” he said. tweeted Marcus Hutchins, a well-known cybersecurity researcher. “There are also a few bugs in the code which means that even if they fix the failures, it won’t be useful.”

Security experts have said saved the same danger of worms within log4j. Tom Kellermann, VMware ‘s cybersecurity strategy chief, recently told ZDnet that the worm “could be armed” by an external army or intelligence service – the end result. the consequences can be devastating.

Use the Test to Keep Multiplying

Meanwhile, an explosion of fraudulent experiments that follow log4j continues to expose new attacks.

Monday, Belgian Defense Ministry revealed it was forced to shut down some parts of its network after a hacker used log4j to access its systems. While not much has been revealed about the incident, it is one of the clearest examples of the Apache bug used to destroy the real world. That certainly will not be the last.

Indeed, recent reports indicate that financially motivated criminal gangs are involved — as well as bank criminals. In addition to this, ransomware hackers, cyber-espionage, and crypto-mining incidents have all been detected. Primary assistants-Online terrorists who break into weapons and computer systems with the aim of turning and selling the opportunity to other terrorists (especially ransomware hackers) – have been stealing machines at the risk of log4j. Microsoft Security Team published research last week which showed that “several follow-up groups acting as advertisers have started using risk to gain access to the following networks.”

In a nutshell: Fun continues! We will continue to follow the radical change in this problem as it grows.