
Log4j flaw attack levels remain high, Microsoft warns

Jan 04, 2022, Hi-network.com

Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December. 

Disclosed by the Apache Software Foundation on December 9, Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services. 

Microsoft warns that customers might not be aware of how widespread the Log4j issue is in their environment. 

Over the past month, Microsoft has released numerous updates, including to its Defender security software, to help customers identify the issue as attackers stepped up scanning activity. 



"Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks," the Microsoft 365 Defender Threat Intelligence Team and the Microsoft Threat Intelligence Center (MSTIC) said in a January 3 update. 

Microsoft said customers should "assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments." Hence, it's encouraging customers to utilize scripts and scanning tools to assess their risk and impact. 

"Microsoft has observed attackers using many of the same inventory techniques to locate targets. Sophisticated adversaries (like nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. There is high potential for the expanded use of the vulnerabilities," Microsoft added. 

The flaw likely left some security teams without much of a break over Christmas and prompted warnings from the UK's NCSC to beware of burnout among staff responsible for remediation. 

Just ahead of New Year's Day, Microsoft rolled out a new Log4j dashboard for threat and vulnerability management in the Microsoft 365 Defender portal for Windows 10 and 11, Windows Server, and Linux systems. This system aims to help customers find and fix files, software and devices affected by Log4j vulnerabilities. CISA and CrowdStrike also released Log4j scanners ahead of Christmas. 



CISA officials believe hundreds of millions of devices are affected by Log4j. Meanwhile, major tech vendors such as Cisco and VMware continue to release patches for affected products. 

The Log4Shell vulnerabilities now include the original CVE-2021-44228 and four related flaws, the latest of which was CVE-2021-44832. That one, however, was only a moderate-severity issue, addressed in the Log4j version 2.17.1 update on December 28. The Apache Software Foundation has details about each of the Log4j vulnerabilities in its advisory covering CVE-2021-44228, CVE-2021-45105, and CVE-2021-45046.
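As an added illustration of the file inventory that the scanning tools mentioned above perform (this code is not from Microsoft, CISA, CrowdStrike or the original article), the following Python example walks a directory tree, descends into archives nested inside fat JARs and WARs, and lists `log4j-core` copies older than the 2.17.1 release named here. The function names, the nesting depth limit and the choice to flag every version below 2.17.1 are assumptions of this example.

```python
import io
import re
import zipfile
from pathlib import Path

# Threshold from the article: 2.17.1 is the release it names as fixing CVE-2021-44832.
# Assumption: other release lines are not distinguished; anything older is flagged for review.
FIXED = (2, 17, 1)
ARCHIVE_EXT = (".jar", ".war", ".ear")
CORE_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def _parse(match):
    """Turn a regex match with major/minor/patch groups into a comparable tuple."""
    return tuple(int(g or 0) for g in match.groups()) if match else None


def _scan_archive(data, label, depth=0):
    """Yield (location, version) for each log4j-core copy in an archive and its nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # corrupt or non-zip file that merely has an archive extension
    with zf:
        if POM_PROPS in zf.namelist():
            # Embedded Maven metadata survives renaming and shading into an uber-JAR.
            text = zf.read(POM_PROPS).decode("utf-8", "replace")
            version = _parse(re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M))
        else:
            version = _parse(CORE_RE.search(label))  # fall back to the file name
        if version is not None:
            yield label, version
        if depth < 3:  # bound recursion into nested archives
            for name in zf.namelist():
                if name.lower().endswith(ARCHIVE_EXT):
                    yield from _scan_archive(zf.read(name), f"{label}!{name}", depth + 1)


def find_outdated_log4j(root):
    """Return sorted (location, 'x.y.z') pairs for log4j-core copies older than FIXED."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            for loc, ver in _scan_archive(path.read_bytes(), str(path)):
                if ver < FIXED:
                    hits.append((loc, ".".join(map(str, ver))))
    return sorted(hits)
```

Calling `find_outdated_log4j` on an application directory returns the locations to review; a `!` in a location marks an archive nested inside another one.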
