
10 Elder


45.2K Posts


December 16th, 2021 17:00

Apache Log4j 2 Vulnerability

A significant security vulnerability has been found in Apache Log4j 2 and is being used in the wild. The bug could enable cyberattacks that span economic sectors and international borders.

Log4j is open source Java-based logging software that's used in numerous Java applications around the world. Developers use Log4j to record user activity and the behavior of their apps for subsequent review. Distributed free by the nonprofit Apache Software Foundation, Log4j has been downloaded millions of times and is among the most widely used tools to collect information across corporate computer networks, websites and applications.

The flaw allows attackers to execute code remotely on a target computer, meaning they can steal data, install malware or take control. Microsoft said they've traced attempted attacks using this flaw to China, Iran, North Korea and Turkey.

Check Point Software says they've tracked more than 1.27 million attempts by hackers to use the vulnerability, targeting nearly half of their customers' corporate networks.

The list of affected companies is growing and includes Apple, Amazon, Cloudflare, IBM, Microsoft's Minecraft, Palo Alto Networks and Twitter. Several technology companies have issued guidance to their customers about decreasing the risk.

Nothing we can do, but don't be surprised when major companies acknowledge that they've been breached via this flaw.
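The practical first step behind the "update your software" advice in this thread is knowing which log4j-core jars you actually have. The script below is an added example, not code from the original post or from Apache: it reads the version from each jar's own pom.properties and checks whether the JndiLookup class is present. The thresholds are assumptions drawn from Apache's advisories rather than from the post: 2.15.0 was the first release to close the Log4Shell hole, and 2.17.1 was the later recommended release on the Java 8 line; removing JndiLookup.class was Apache's published mitigation for older jars.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Assumed thresholds (not stated in the post): 2.15.0 first fixed Log4Shell,
# Apache later recommended 2.17.1 for Java 8+. Adjust for other release lines.
FIRST_FIXED = (2, 15, 0)
RECOMMENDED = (2, 17, 1)
POM_PATH = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def parse_version(text):
    """Return (major, minor, patch) from pom.properties text, or None if unparseable."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", text, re.MULTILINE)
    return tuple(int(x) for x in m.groups()) if m else None

def inspect_jar(data):
    """Classify one jar's bytes: not-log4j-core, unknown-version, vulnerable, update or ok."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if POM_PATH not in names:
            return "not-log4j-core", None
        version = parse_version(zf.read(POM_PATH).decode("utf-8", "replace"))
    if version is None:
        return "unknown-version", None
    # An old jar whose JndiLookup class was deleted has had Apache's mitigation applied,
    # so it is reported as needing an update rather than as exploitable.
    if version < FIRST_FIXED and JNDI_CLASS in names:
        return "vulnerable", version
    if version < RECOMMENDED:
        return "update", version
    return "ok", version

def scan_tree(root):
    """Walk a directory tree and report every log4j-core jar with its status."""
    findings = []
    for path in Path(root).rglob("*.jar"):
        try:
            status, version = inspect_jar(path.read_bytes())
        except zipfile.BadZipFile:
            continue  # not a real zip/jar, skip it
        if status != "not-log4j-core":
            findings.append((str(path), status, version))
    return findings

def make_test_jar(version, include_jndi=True):
    """Build a constructed, minimal stand-in jar in memory (not a real log4j jar)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PATH, f"version={version}\nartifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it against an application's lib directory; it does not look inside nested jars, so shaded or fat jars need a separate unpacking step.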


10 Elder


45.2K Posts

December 17th, 2021 17:00

BTW: If you use a cloud service, make sure your cloud provider has updated their software to close this gaping hole.

Apple iCloud has been patched and CloudFlare has updated its network systems too.

10 Elder


45.2K Posts

December 18th, 2021 18:00

And so it begins...

Kronos reported this past Mon that it was hit with a ransomware attack after noticing unusual activity on its network last Sat.

The attack could keep its payroll preparation software offline for a few weeks, meaning hundreds of businesses using Kronos to prepare paychecks could be unable to pay employees for a while.

Though not yet confirmed, early indications suggest the "Log4Shell" vulnerability in Log4j 2 was the route of attack at Kronos.

So far, these companies have acknowledged they are affected by the attack on Kronos:

  • New York’s Metropolitan Transportation Authority (MTA)
  • San Angelo, Texas hospital workers
  • Honolulu public water workers
  • Oregon Department of Transportation
  • University of Utah
  • George Washington University

10 Elder


45.2K Posts

December 23rd, 2021 11:00

Here's Dell's response to the Log4j 2 issue, including patch update status for various products, and a list at the bottom of their software confirmed not to be vulnerable to the Log4j flaw.

BIOS for Latitude, OptiPlex, Alienware, Inspiron, Precision, XPS, and Vostro are not vulnerable. Alienware Command Center and Alienware Update software are not vulnerable. Check the link for other Dell hardware and software that you may use...

February 16th, 2022 12:00

I want to preface this by saying, I have always done updates as soon as I'm done using the device after the first notification. I can find a bunch of info on how to mitigate the risks, and the loopholes that they are using... But what do you do when the risks weren't mitigated, you became a target & now all your devices are operated by RCE? On 1/12/22 I made the worst judgement call of my life. I downloaded something from a bad actor who sent a spoofed email about a software invoice. Once I downloaded it, it wouldn't let me uninstall, so I turned off the computer & went to an appointment I was already late for.

I've paid IT professionals who think my sanity has escaped me. However, I can't log into simple things like my bank or cell phone & all 40ish devices on my network seem to play a role. I'm worse off than square one after six wipe + clean installs to the Dell Inspiron 5477 AIO, Android to iOS migration, Apple factory reset, 2 laptops (reset 3 times), Orbi router reset 2 times, main passwords reset multiple times, + 2 factor authentication... Microsoft confirmed my suspicions about JuicyPotato, & created a case. Since my BIOS was remotely exploited through a UEFI firmware they have had wide open doors to obtain authentication tokens from Microsoft, Google, Apple, Verizon, etc... Everything is a vicious loop, & since all assets are tied to credentials they have, I can't seem to make any traction.

Currently resetting devices again, but the 1st computer is stuck in a loop that won't let me get past the repair menu. Where do I turn? What would you do?
