Third patch released to fix the critical Apache Log4j vulnerability
The Apache Software Foundation (ASF) has released another patch for the Log4j vulnerability, version 2.17.0. If left unpatched, the vulnerability tracked as CVE-2021-45105 could be exploited for a denial-of-service (DoS) attack.
Log4J continues to annoy and threaten the IT community. This new vulnerability currently affects all versions from 2.0 beta9 to 2.16.0, meaning that the recent patch released by Apache to fix the remote code execution (CVE-2021-45046) and Apache Log4Shell vulnerability (CVE-2021-44228) is also affected. Security researcher Hideki Okamoto of Akamai Technologies identified and reported the recent vulnerability.
Apache Log4j Vulnerability and the risks
The severity of the DoS bug has been escalated from 3.7 to 9.0, as an attacker can create a specially crafted string that can access data and perform remote code execution in certain environments. CISA also issued an emergency directive to federal organizations and agencies to patch the Apache Log4J vulnerability immediately, before Dec 23, 2021.
State-sponsored hackers from Iran, China, North Korea and Turkey, along with the Conti ransomware gang, were found exploiting the Apache Log4J vulnerability using the RMI maneuver, and a few were mining Monero. Researchers have identified these threats as the first sophisticated crime-ware cartel act. The current vulnerability allows the Conti ransomware group to exploit Log4j 2 in VMware vCenter to move laterally within the compromised network, thus leveraging Cobalt Strike sessions.
We already discussed the Monero mining in our recent post on the LDAP to RMI switch. The other exploiters of this vulnerability are botnets, remote access trojans, and a ransomware strain called Khonsari. Check Point said it has found around 3.7 million exploitation attempts targeting the Apache Log4j vulnerability, and 46% of those attempts are from known threat actors.