The Log4j flaw is the latest reminder that quick security fixes are easier said than done

Cybersecurity professionals have spent weeks scrambling to address a bug in a widely used software library that could enable hackers to steal data, launch ransomware attacks or otherwise knock systems offline. The bug, known as Log4Shell, exists in Log4j, an open-source software tool that is used widely in the technology industry. The flaw could allow attackers, in some cases, to take over vulnerable systems by duping a target into logging code capable of downloading malware hosted elsewhere. Given the ubiquity of the software and the sheer number of vulnerable systems, U.S. cybersecurity officials gave federal agencies until Dec. 23 to evaluate their exposure and take remediation steps, urging private sector entities to do the same. Jen Easterly, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, had previously called the bug perhaps “the most serious” she’d seen in her career. The CISA directive cited “active […]

The post The Log4j flaw is the latest reminder that quick security fixes are easier said than done appeared first on CyberScoop.


Is my MySQL Server (run by php/apache) affected by the Log4j vulnerability?

From an article for the new Log4j vulnerability, it reads here:

A researcher working for Chinese tech firm Alibaba discovered the bug and privately informed the Apache Software Foundation, an all-volunteer corporation that develops and ma…

Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them

You’d have to look far and wide to find an IT professional who isn’t aware of (and probably responding to) the Log4Shell vulnerability. The Operational Technology (OT) sector is no exception, yet the exact exposure the vulnerability poses to OT technology is yet to be fully uncovered. The vulnerability was first made public earlier this […]

The post Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them appeared first on Security Intelligence.


On the Log4j Vulnerability

It’s serious:

The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. From there they can load arbitrary code on the targeted server and install malware or launch other attacks. Notably, hackers can introduce the snippet in seemingly benign ways, like by sending the string in an email or setting it as an account username…


CISA warns ‘most serious’ Log4j vulnerability likely to affect hundreds of millions of devices

Cybersecurity and Infrastructure Security Agency Director Jen Easterly told industry leaders in a phone briefing Monday that a vulnerability in a widely-used logging library “is one of the most serious I’ve seen in my entire career, if not the most serious.” “We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage,” she said of the Apache Log4j flaw. The issue is an unauthenticated remote execution vulnerability that could allow an intruder to take over an affected device. Hundreds of millions of devices are likely to be affected, said Jay Gazlay of CISA’s vulnerability management office in the call with critical infrastructure owners and operators. CISA, a component of the Department of Homeland Security, is setting up a dedicated website as soon as Tuesday to provide information and counter “active disinformation,” said Eric […]

The post CISA warns ‘most serious’ Log4j vulnerability likely to affect hundreds of millions of devices appeared first on CyberScoop.


Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterpri…

How Log4j Vulnerability Could Impact You

If you hadn’t heard of Apache Log4j, chances are it’s on your radar now. In fact, you may have been using it for years. Log4j is a logging library. Imagine writing your daily activities into a notebook. That notebook is Log4j. Developers and programmers use it to take notes about what’s happening on applications and […]

The post How Log4j Vulnerability Could Impact You appeared first on Security Intelligence.
