#Log4j Exploit
edwardos · 2 years ago
I think the verdict is now very clear about when the Minecraft Silver Age ended.
english-mace · 11 months ago
linux is not. magically free of the Dependencies curse, tho.
like I respect the moxie & mod-ability of an open OS as much as the next bigtech girlie but it very much is still Computer
it's honestly nuts to me that critical infrastructure literally everywhere went down because everyone is dependent on windows and instead of questioning whether we should be letting one single company handle literally the vast majority of global technological infrastructure, we're pointing and laughing at a subcontracted company for pushing a bad update and potentially ruining themselves
like yall linux has been here for decades. it's stable. the bank I used to work for is having zero outage on their critical systems because they had the foresight to migrate away from windows-only infrastructure years ago whereas some other institutions literally cannot process debit card transactions right now.
global windows dependence is a massive risk and this WILL happen again if something isn't done to address it. one company should not be able to brick our global infrastructure.
cyber-sec · 2 years ago
Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild
Source: https://blog.talosintelligence.com/apache-log4j-rce-vulnerability/
ankitcodinghub · 4 months ago
CS6035 Log4Shell 2025 Spring Solved
Welcome! For this assignment you will exploit a real world vulnerability: Log4Shell. This will be a capture-the-flag style project where you will exploit a web application with a vulnerable version of log4j. A correct solution will output a ‘flag’ or ‘key’. There are 7 tasks to complete for 7 total flags. 6 required and 1 extra credit for a possible total of 102%. You will submit these flags in…
digitalworldvision · 5 months ago
Summary of Cybersecurity Alert: Hackers Exploit Logging Errors!
Importance of Logs: Logs are essential for monitoring, maintaining, and troubleshooting IT systems. However, mismanaged or poorly configured logs can expose vulnerabilities to attackers.
Exploitation by Hackers: Cybercriminals target logging systems to inject malicious code, gain unauthorised access, or steal data. Examples include the Log4Shell vulnerability in the Log4j library.
Consequences of Compromised Logs: A compromised logging system can lead to data breaches, business disruptions, financial losses, regulatory fines, and damaged stakeholder trust.
Securing Logging Systems: Businesses should upgrade to advanced log management tools that provide real-time monitoring, anomaly detection, and centralised secure log storage.
Zero Trust Security Model: Adopting a zero trust approach combined with smart logging practices prevents attackers from freely moving within compromised systems and helps detect malicious activities.
Common Hacker Techniques:
Log Deletion: Attackers delete logs to erase evidence, as seen in the 2017 Equifax breach.
Log Alteration: Hackers modify or forge logs to mislead investigators, as in the 2018 SingHealth breach.
Disabling Logs: Disabling logging services to avoid detection, as in the 2020 SolarWinds attack.
Encrypting Logs: Attackers encrypt logs to prevent analysis, as in the NotPetya ransomware attack.
Changing Retention Policies: Altering log retention settings to ensure evidence is purged before investigation, as seen in the 2018 Marriott breach.
Historical Examples: Real-world breaches like Equifax (2017), SingHealth (2018), SolarWinds (2020), and NotPetya (2017) demonstrate the devastating impact of log manipulation.
Protecting Logs:
Store logs securely.
Restrict access to authorised personnel.
Mask sensitive information in logs.
Error Logs as Targets: Hackers analyse error logs to find vulnerabilities and misconfigurations, crafting precise attacks to exploit these weaknesses.
Business Risk Management: Protecting logging systems is not just an IT issue—it’s a critical part of business risk management to prevent dangers.
The Log4Shell Vulnerability
In late 2021, a critical vulnerability known as Log4Shell (CVE-2021-44228) was discovered in Apache Log4j 2, a widely used Java logging library. This vulnerability allowed attackers to execute arbitrary code on affected systems by exploiting how logs were processed. The flaw was particularly dangerous because it was easy to exploit and affected a vast number of applications and services globally.
1. financial losses and safeguard company reputation.
Consequences of Compromised Logging Systems
When attackers exploit vulnerabilities in logging systems, the repercussions can be severe:
Data Breaches: Unauthorised access to sensitive information can lead to data theft and privacy violations.
Business Interruptions: System compromises can cause operational disruptions, affecting service availability and productivity.
Financial Losses: The costs associated with remediation, legal penalties, and loss of business can be substantial.
Reputational Damage: Loss of stakeholder trust and potential regulatory fines can harm a company's reputation and customer relationships.
Real-World Examples of Log Manipulation
Several high-profile incidents illustrate the impact of log manipulation:
Equifax Breach (2017): Attackers exploited a vulnerability in the Apache Struts framework and manipulated system logs to cover their activities.
SingHealth Breach (2018): Attackers used advanced techniques to hide their presence by altering log entries, delaying detection.
SolarWinds Attack (2020): Attackers disabled logging mechanisms and monitoring systems to avoid detection during their intrusion.
NotPetya Ransomware (2017): Attackers encrypted key system files, including logs, to hamper recovery efforts and obscure their actions.
Protecting logging systems is not merely a technical concern but a critical aspect of comprehensive business risk management. By understanding the risks associated with logging vulnerabilities and implementing robust security strategies, organisations can defend against these hidden dangers and safeguard their operations.
hotfudgecherryrosy · 1 year ago
Minecraft has somehow become like a cornerstone of cybersecurity and that's so weird but makes sense because it attracts tech proficient people with lots of free time and insane motivation.
I mean along with what prev said (INSANE btw I can't believe I didn't know this) log4j, one of the most widespread and potentially damaging RCE vulnerabilities, was first discovered in minecraft.
Also the way that griefers discovered how to scan for unprotected minecraft servers (project copenheimer) is nuts. This originated from 2b2t (infamous minecraft anarchy server) players. A couple minecraft and spigot specific exploits were discovered via that server as well (nocom, randar)
Also there were multiple malware scares via minecraft mods and modpacks such as the self-replicating fractureiser that spread on curseforge and bukkit.
Some of these have little to no financial gain (especially the griefing ones). Which circles back to the motivation these people have related to the game creates insane drive and is dangerous because of their tech knowledge.
Minecraft seems like a good thing for youngsters actually. it's creative and non violent and social to a degree. do they do a good job making sure it is safe?
koronkowy · 6 months ago
Summary
🌐 Introduction to Internet Background Exploitation:
Andrew Morris explains the growing challenges of internet-wide vulnerability exploitation and the concept of "internet background noise," which includes mass scanning and exploitation attempts.
🔍 Key Trends and Challenges:
Mass Exploitation:
Attackers focus on vulnerabilities first, scanning the entire internet for potential targets, rather than targeting specific organizations.
Tools like ZMap and Masscan have made internet scanning faster and more efficient, enabling attackers to find vulnerable systems within minutes.
Proliferation of Noise:
Background noise on the internet arises from both legitimate and malicious activities, complicating the identification of threats.
🔧 Strategies and Tools:
GreyNoise:
Deploys a distributed sensor network to detect and analyze mass exploitation attempts.
Creates signatures for exploitation patterns and provides temporary blocklists to protect vulnerable systems.
Case Studies:
Examples like Log4j and other vulnerabilities show how quickly attackers exploit disclosed vulnerabilities, often within hours.
🎯 Future Outlook:
Emphasis on proactive defense strategies like whack-a-mole-style blocking of malicious IPs.
The importance of global collaboration and data sharing to mitigate internet-wide threats effectively.
ericvanderburg · 1 year ago
Log4J shows no sign of fading, spotted in 30% of CVE exploits
http://securitytc.com/T6rJvP
fittingsand · 1 year ago
Top 7 Cybersecurity attacks in 2023
The cyber threat landscape is continuously evolving. As a cybersecurity company, it's critical we keep our finger on the pulse of emerging attacks and equip customers with adequate defenses. Heading into 2023, these 7 threats concern me most:
Ransomware Mutations - Ransomware isn't new but attackers are customizing strains to exploit specific vulnerabilities more efficiently. Variants like Ryuk, Conti and LockBit wreak havoc with encryption, exfiltration and extortion. Expect more sector-specific strains aimed at healthcare, finance, retail and critical infrastructure.
Third-Party Software Risks - The recent SolarWinds and Log4j vulnerabilities confirm the dangers posed by compromised third-party software embedded extensively in IT environments. Supply chain attacks will accelerate as this attack surface keeps growing. Vetting provider security standards is critical.
Nation-State Cyber Attacks - Geopolitical tensions translate into national cyber offensive groups pilfering data, intellectual property and infrastructure access from rival states. The Russia-Ukraine conflict fueled attacks from groups like Mustang Panda. Such proxy conflicts will expand.
Cloud Infrastructure Threats - Migrating data and platforms to the cloud sparks new infrastructure attack vectors like misconfigurations, authentication weaknesses, and improper access controls. Attackers also directly target providers like AWS and Azure.
AI-Powered Attacks - Offensive AI development will unlock automated, hyper-personalized attacks with long-term persistence mechanisms. Deepfakes further weaponize misinformation. Defenders must embrace AI too.
Quantum Computing Risks - Quantum will utterly break current encryption techniques. Transitioning to quantum-safe cryptography before this processing power matures is key and requires long-term preparation given the costs.
The Human Element - Despite technological advances, human susceptibility to phishing, poor cyber hygiene and social engineering persists. Strengthening the human firewall through robust security awareness training is a must.
While daunting, understanding emerging threats like these ensures our cybersecurity services, software and platforms evolve to counter the sophisticated tools attackers employ. We help customers see around corners and remain resilient. As we head into 2023, it pays to expect the unexpected in cybersecurity - and be ready for it.
digitalcreationsllc · 2 years ago
Operation Blacksmith: Lazarus Group Exploits Log4j Flaws to Deploy RATs | Cyware Hacker News
The North Korea-linked threat group Lazarus has been attributed to a new global campaign that exploits the infamous Log4j flaw to deploy three previously undocumented DLang-based malware – NineRAT, DLRAT, and BottomLoader. The campaign, dubbed Operation Blacksmith, is believed to have been active since March, targeting organizations in the manufacturing, agriculture, and physical security…
the-hacker-news · 2 years ago
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans
The Hacker News: The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based… http://dlvr.it/T004tR
Posted by: Mohit Kumar
govindhtech · 2 years ago
Understanding Different Types of Malware
A cyberthreat is a sign that a hacker or other malicious actor is trying to log into a network without authorization to launch a cyberattack.
Cyberthreats can be obvious, like an email from a foreign power offering a small fortune for your bank account information, or stealthy, like a line of malicious code that sneaks past cyberdefenses and causes a costly data breach for months or years. The more security teams and staff know about cybersecurity threats, the better they can defend, anticipate, and respond to cyberattacks.
Malware
Malware is “malicious software.”
Modern cyberattacks usually contain malware. Malware attacks allow threat actors to gain unauthorized access, disable infected systems, steal sensitive data, and delete system files and data.
Many types of malware exist
Unless the victim pays the ransom, Ransomware threatens to lock or leak the victim’s data or device. According to the IBM Security X-Force Threat Intelligence Index 2023, 17% of cyberattacks in 2022 were ransomware.
Trojan horses trick users into downloading malicious code by posing as helpful programs or hiding in trusted software. Dropper Trojans install more malware after gaining access to the target system or network, and remote access Trojans (RATs) open a covert backdoor on the victim’s device.
Spyware steals usernames, passwords, credit card numbers, and other personal data and sends it to the attacker without the victim’s knowledge.
Worms automatically replicate on apps and hardware without human interaction.
Phishing and social engineering
Social engineering, also called “human hacking,” involves coercing targets into compromising personal or organizational security, revealing confidential information, or putting them at financial risk.
Phishing is the most common social engineering method. Phishing uses phony emails, email attachments, texts, and phone calls to trick people into giving up personal information, login credentials, downloading malware, sending money to cybercriminals, or taking other actions that could expose them to cybercrimes.
Typical phishing schemes:
Spear phishing targets one person and uses their open social media profiles to deceive them.
Whale phishing targets wealthy or powerful people.
Cybercriminals pose as executives, vendors, or trusted business partners to trick victims into sending money or disclosing personal information in business email compromise (BEC) scams.
DNS spoofing, or domain name spoofing, is a common social engineering scam in which cybercriminals impersonate a real website or domain name (such as “applesupport.com” for support.apple.com) to steal sensitive information. Phishing emails often use spoofed sender domain names to appear more trustworthy.
Middleman attack
A man-in-the-middle attack involves a cybercriminal listening in on a network connection to steal data by relaying messages. Hackers love unprotected Wi-Fi networks for MITM attacks.
DDoS attack
A denial-of-service attack floods a website, application, or system with fraudulent traffic, making it unusable or slow for legitimate users. DDoS attacks use a network of internet-connected, malware-infected bots or devices called a “botnet.”
Zero-day bugs
Zero-day vulnerabilities are unknown, unresolved, or unpatched security holes in computer software, hardware, or firmware. Cyberattacks using zero-day exploits exploit this vulnerability. Malicious actors can already access vulnerable systems, so software and device vendors have “zero days” to fix them. This is a “zero day” vulnerability.
The popular Apache Log4j logging library contains Log4Shell, a zero-day vulnerability. When discovered in November 2021, the Log4Shell vulnerability affected 10% of all digital assets worldwide, including many web applications, cloud services, and physical endpoints like servers.
A password attack
As the name implies, cybercriminals try to guess or steal a user’s password or login credentials. Social engineering is used in many password attacks to get victims to reveal sensitive information. Hackers can also brute force passwords by trying popular password combinations until one works.
Cyberattack on IoT
Cybercriminals exploit vulnerabilities in IoT devices like smart home devices and industrial control systems to take over, steal data, or use the device as a botnet.
Injection Attacks
Hackers inject malicious code into a program or download malware to execute remote commands and read or modify databases or website data.
There are several injection attacks. Two popular ones are:
In SQL injection attacks, hackers use SQL syntax to spoof identity; expose, tamper with, destroy, or make data unavailable; or become database server administrators.
Cross-site scripting (XSS) attacks, like SQL injection attacks, infect website visitors instead of extracting data from a database.
Threats to cybersecurity
Cyberthreat sources are almost as diverse as their types. Ethical hackers and unwitting insider threats have positive or neutral intentions, while many threat actors are malicious.
Understanding threat actors’ motivations and tactics is essential to stopping or exploiting them.
Famous cyber attackers include:
Cybercriminals
These people or groups commit cybercrimes for profit. Cybercriminals use ransomware and phishing scams to steal money, credit card information, login credentials, intellectual property, and other sensitive data.
Hackers
Hackers use technical skills to break into computer networks.
Not all hackers are cybercriminals or threat actors. Ethical hackers impersonate cybercriminals to help organizations and government agencies test their computer systems for cyberattack vulnerabilities.
Nation-state actors
Nation states often fund threat actors to steal sensitive data, gather confidential information, or disrupt critical infrastructure. Espionage and cyberwarfare are common, well-funded threats that are hard to detect.
Threats from inside
Unlike most cybercriminals, insider threats are not always malicious. Many insiders harm their companies by unknowingly installing malware or losing a company-issued device that a cybercriminal uses to access the network.
However, malicious insiders exist. Disgruntled employees may abuse access privileges for financial gain (e.g., cybercrime or nation state payment) or revenge.
Anticipating cyberattacks
Antivirus, email security, and strong passwords are essential cyberthreat defenses.
Firewalls, VPNs, multi-factor authentication, security awareness training, and other advanced endpoint and network security solutions protect organizations from cyberattacks.
However, no security system is complete without real-time threat detection and incident response capabilities to identify cybersecurity threats and quickly isolate and remediate them to minimize or prevent damage.
IBM Security QRadar SIEM uses machine learning and UBA to detect threats and remediate faster using network traffic and logs. QRadar SIEM identified false positives, reduced investigation time by 90%, and reduced security breach risk by 60%, saving security analysts more than 14,000 hours over three years, according to a Forrester study. QRadar SIEM gives resource-constrained security teams the visibility and analytics they need to quickly detect threats and take informed action to mitigate an attack.
News source:
the-brick-moon · 2 years ago
Apache Log4j: The Exploit that Almost Killed the Internet
ramblingat50 · 4 years ago
Day 7 (retro)
Another missed post - two in a row, how about that?
Even though there were some free moments, I did very little work-related items, but did accomplish one logjam update.
The rest of the time was spent researching very bad holiday music. Yes, I know, this sounds like a hell of a way to spend a Saturday, but there is a very good reason for that. Oh? Really? You want to know?
Well, there is this little podcast I do, and we discussed the top 6 horrible holiday songs. I hear your pending question and six makes for really good math with three hosts.
Otherwise, I took in a little shopping, some really good Cuban food from Pepo's Cuban Cafe, and spent the rest of the time editing two podcasts that should release this month. The one recording from yesterday should release this week, and a recording done the previous week should release between the two impending holidays.
I fell asleep next to my youngest bin lid to the sounds of Tim Allen and the first installment of the Santa Clause (back when we all rather liked Tim Allen, I would like to believe that he is mostly harmless) - I thought the movie was well done and was funny for both kids and adults.
One last thing, I did ask Amazon music to play songs from 1971, and I must say there were some bangers that year. The number one song on the day of my birth - "Family Affair' by Sly & Family Stone. So, I got that going for me.
orbitbrain · 3 years ago
NSA Outs Chinese Hackers Exploiting Citrix Zero-Day
By Ryan Naraine on December 13, 2022. Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that a Chinese hacking group has already been caught exploiting the vulnerability. Citrix sounded the alarm via a critical-severity…
likethecities · 3 years ago
so you’re telling me the entire clone wars could have been averted if the jedi had any goddamned LOGGING SYSTEMS
watching dooku just delete kamino from the files is hilarious. do they not have better data security? how did he get a master code? would they not notice an empty fucking file? he's not in the order anymore and is just a visitor. how the fuck -