Reasons Why The Log4j Java Library Security Problem Is Concerning

Log4j is a new and exciting tool that allows you to create your own logs. Log4j is a name you will likely hear more about over the coming weeks. You might end up with a few headaches.

Log4j is a Java library. It logs error messages in Java applications. It is a worker who has been overlooked in the back office.

As is often the case with overworked back-office clerks, it turns out to be important. If one of them has issues, the ripple effects can be huge. This is exactly what is happening here. This library is open-source and one of the foundational components of Java logging.

Researchers recently discovered a remote code execution flaw in Log4j, which is being exploited in the wild.

This issue is being tracked as CVE-2024-44228. It has a severity score of 10/10. It is so serious, in fact, that the UK's National Cyber Security Centre issued a bulletin.

This is a widespread issue that affects almost every device connected to the internet that runs Apache Log4j versions 2.0-2.141. Worse, at least one hacker is already exploiting the flaw. Mirai is a botnet that targets IoT devices. It has been modified to exploit this flaw.

Both Cisco and VMware released patches to address the issue in their affected products. The industry as a whole is slow to respond to this cyber threat.

This is dangerous, as the internet's impact on the economy is so critical. Any event that has a significant impact on the internet will have huge ripple effects that will last for many months, if not years.

Integrated Technology Systems managed IT services provide you with 24/7 365 coverage of your network. You can sleep at night knowing your data is protected.

New Ransomware Named AvosLocker Uses Multiple Tricks In Attacks

AvosLocker is a new type of ransomware that you should be wary of. This warning comes from Sophos, a security company that warns of a new strain of human-operated ransomware.

AvosLocker emerged on the scene in the summer of 2021. After some success with their product, the coders are now looking for partners to help fill the gap created by REvil's departure.

The malware leverages the AnyDesk remote IT admin software while running in Windows Safe Mode. This is one of the main features of its design. We have seen malware that uses Windows Safe Mode before, although it is not as common. Safe Mode loads with only a small number of drivers.

AnyDesk is a legitimate tool that thousands of professionals use every day all around the globe. It is, however, being used in a malicious way. By combining it with Safe Mode, hackers can cause serious damage to their targets.

Peter Mackenzie is Sophos' Director for Incident Response. Mackenzie said that the operators of the new strain use simple but clever tactics and methods to accomplish their goals and cause a potential data breach. They've been amazingly successful so far. This is what the company had to say about this new strain.

"Ransomware, especially when hand-delivered (as was the case with these Avos Locker cases), can be a difficult problem to solve. One needs to deal with not only the ransomware but also any backdoor mechanisms that the threat actors have created to access the targeted network. In these situations, no alert should be considered "low priority", regardless of how benign it may seem."

Who is watching your backdoor? Integrated Technology Systems provides IT solutions to fit any budget. Contact us today for your peace of mind.