© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Log4j saga: the first patch is already being exploited

If you have the Log4j 2.15.0 patch installed, make sure to update to version 2.16.0 immediately.

Less than a week after the global onslaught of what appears to be the zero-day exploit of the year, security researchers are once again ringing the alarm.

According to one report, the security patch that was released as Log4j 2.15.0, itself had at least two vulnerabilities, which attackers are now actively exploiting against targets that have patched their systems.

Needless to say, anyone who has version 2.15.0 installed should immediately update to version 2.16.0 in order to patch the new CVE-2021-45046 security flaw, which is already under active exploitation according to Cloudflare.

The researchers who discovered the flaw note that previous mitigations “do NOT mitigate this specific vulnerability” and that version 2.16.0 "fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.”

Meanwhile, Ars Technica reported on Wednesday that version 2.15.0 suffers from an additional information disclosure flaw that can be exploited in order to exfiltrate stolen data from servers that have the patch installed, according to security firm Praetorian.

“In our research, we have demonstrated that 2.15.0 can still allow for exfiltration of sensitive data in certain circumstances,” explained Praetorian researcher Nathan Sportsman. While Praetorian reported the issue to the Apache Foundation, the researchers still “strongly recommend that customers upgrade to 2.16.0 as quickly as possible.”

The Log4j exploitation party has only begun

Exploits for the Log4j started circling the web late last week. Researchers at BitDefender soon reported the first cases of the Log4j vulnerability being used to deploy ransomware.

Brett Callow, Threat Analyst at Emsisoft, says that the race to leverage Log4j has only begun. The loot is ripe for taking before all systems are patched, meaning there might be a spike in illicit activities in the coming weeks.

“Threat actors will now be in a race to leverage Log4j before patches are deployed, and some will likely be banking access for later use - meaning we could see a spike in Log4j-related security incidents, including ransomware incidents, in the coming weeks,” Callow claims.

Companies with servers confirmed to be vulnerable to Log4Shell attack include Apple, Amazon, Twitter, Steam, Baidu, NetEase, Tencent, Elastic and likely hundreds if not thousands more.

More from CyberNews

Log4Shell in broad use: Fukushima moment for cybersecurity

Nation-state actors from China, Iran, North Korea, and Turkey join the Log4Shell exploitation party

More hints that ransomware groups eye the Log4j vulnerability

Online privacy trends for 2022: Cookie death, zero-copy integration, and AI-powered bossware

We need to put the human back into automated HR

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked