18 December 2021

NOTHING IS SACRED | Bleeping Computer

A critical Apache Log4j vulnerability took the world by storm this week, and now it is being used by threat actors as part of their ransomware attacks.
Latest Article:

• Log4J: Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS

Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes today with version 2.17.0 out that fixes CVE-2021-45105, a DoS vulnerability.

The Week in Ransomware - December 17th 2021 - Enter Log4j

". . .While a patch was quickly released to fix the vulnerability, researchers and threat actors quickly began scanning for and exploiting vulnerable devices. With how fast it was adopted, it was only a matter of time until threat actors used it to deploy ransomware.

Other ransomware news

While the Log4j vulnerability has taken up most of the cybersecurity community's time this week, there have been other significant developments as well.

Emotet also began distributing Cobalt Strike beacons as a primary payload, allowing ransomware gangs quicker access to compromised networks to conduct attacks.

We also learned that the Hive Ransomware operation is becoming a major player after breaching hundreds of companies in just four months.

Finally, a massive ransomware attack against HR services provider Kronos has caused significant impact for many companies who use them for timekeeping and payroll. We also saw a Conti attack on McMenamins breweries, showing that nothing is sacred. . .

[...]

December 17th 2021

Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines.

Hellmann Worldwide is warning customers of an increase in fraudulent calls and emails regarding payment transfer and bank account changes after a recent ransomware attack.

Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library."

Read more > https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-17th-2021-enter-log4j/

Log4J

US emergency directive orders govt agencies to patch Log4j bug

US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days.


QOD: You can dig it