Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

Share on linkedin
Share on facebook
Share on twitter

A critical zero-day vulnerability in Apache Log4j, a widely used Java logging library, is being leveraged by attackers in the wild – for now primarily to deliver coin miners.

Reported to the Apache Software Foundation by Chen Zhaojun of Alibaba Cloud Security Team, the bug has now apparently been fixed in Log4j v2.15.0, just as a PoC has popped up on GitHub and there are reports that attackers are already attempting to compromise vulnerable applications/servers.

The Apache Software Foundation says that in Apache Log4j2 versions 2.14.1 and earlier “JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.”

“The log4j vulnerability parses this and reaches out to the malicious host via the ‘Java Naming and Directory Interface’. The first-stage resource acts as a springboard to another attacker-controlled endpoint, which serves Java code to be executed on the original victim. Ultimately, this grants the adversary the opportunity to run any code they would like on the target: remote code execution,”.

“Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable. Anybody using Apache Struts is likely vulnerable. We’ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach.”

“If your organization uses Apache log4j, you should upgrade to log4j-2.1.50.rc2 immediately. Be sure that your Java instance is up-to-date; however, it’s worth noting that this isn’t an across-the-board solution. You may need to wait until your vendors push security updates out for their affected products,” Hammond added.

Stay on Top of Cyber Threats!

Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Follow us on Socials:

Recent Cybersecurity News

483 Crypto.com accounts compromised in $34 million hack

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise...
Read The Article

CISA urges US orgs to prepare for data-wiping cyberattacks

The Cybersecurity and Infrastructure Security Agency urges U.S. organizations to strengthen their cybersecurity...
Read The Article

Cybercriminals Actively Target VMware vSphere with Cryptominers

Organizations running sophisticated virtual networks with VMware's vSphere service are actively being targeted...
Read The Article

Contact a Specialist

Discover why 1,000+ organizations trust our expertise to improve their cybersecurity.

Stay Updated on Cyber Risks!

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.