White Hat Institute

Cybercriminals rush to exploit the second flaw, as a third Log4j flaw arises

second flaw log4j
Retrieved from industrialcyber.co

Cloudflare, a web infrastructure provider, reported on Wednesday that malicious hackers are making efforts to exploit a second hole discovered in the extensively used Log4j logging software, making it essential that users install the current version as a deluge of attacks continues to hammer unpatched systems with a range of malware.

The new security hole, CVE-2021–45046, allows attackers to launch denial-of-service (DoS) attacks. It comes after the Apache Software Foundation (ASF) revealed that the previous fix for the remote code execution flaw — CVE-2021–44228 was inadequate in some non-default setups. Since then, the problem has been fixed in Log4j release 2.16.0.

This flaw is being intensively attacked, thus everyone using Log4J should immediately update to version 2.16.0 as quickly as possible, even if they have already updated to version 2.15.0. Worse, experts at security company Praetorian informed of a third security flaw in Log4j version 2.15.0 which might enable sensitive data exfiltration in some conditions. To avoid future misuse, more technical details about the problem have been suppressed, but it’s unclear whether this has already been resolved in version 2.16.0.

Access brokers used the Log4Shell vulnerability to get immediate access to target networks, which were then auctioned to other ransomware affiliates, according to Microsoft Threat Intelligence Center (MSTIC). Additionally, numerous malware groups have been uncovered that exploit this flaw, ranging from cryptocurrency coin miners and remote access trojans to botnets and web shells.

Although it’s usual for cybercriminals to try to exploit freshly publicized weaknesses before they’re patched, the Log4j problem highlights the risks that come with software supply chains, especially when a critical piece of software is utilized in a wide range of products from multiple vendors and implemented by their customers all over the world.

According to corporate security company Dragos, “this vulnerability would leave a large span of businesses susceptible to remote exploitation, including electric power, water, food and beverage, manufacturing, transportation, and more.” “As network defenders block off more simple exploit paths and advanced attackers include the flaw in their assaults, more complicated Log4j attacks will arise, with a larger possibility of directly harming Operational Technology networks,” the company stated.