
New Log4j attack vector can affect local hosts with no internet access


In context: The past week has kept IT organizations scrambling to respond to the Log4j vulnerability impacting systems around the world. As security experts have continued to identify additional bugs in the logging utility, network administrators have worked tirelessly to identify and close off any potential access that may allow the vulnerability to be exploited. Unfortunately, a newly discovered vector has proven that even isolated systems with no internet connectivity may be just as vulnerable, further complicating the already enormous problem.

Researchers at Blumira have more bad news for the IT community battling Log4j security exploits. While previous findings indicated that impacted systems would require some type of network or internet connectivity, the security firm’s recent discovery now asserts that services running as localhost with no external connection can also be exploited. The finding pointed researchers to several more use cases outlining alternative approaches to compromise unpatched assets running Log4j.

A technical post by Blumira CTO Matthew Warner outlines how a malicious actor can impact vulnerable local machines. Warner states that WebSockets, which are tools that allow fast, efficient communication between web browsers and web applications, could be used to deliver payloads to vulnerable applications and servers with no internet connectivity. This specific attack vector means the unconnected but vulnerable assets could be compromised simply by an attacker sending a malicious request using an existing WebSocket. Warner’s post details the specific steps a malicious actor would take to initiate the WebSocket-based attack.

The newly identified attack vector will result in a greater number of vulnerable assets across already heavily affected industries. According to Check Point Software, over 50% of all government, military, finance, distribution, ISP, and education organizations are currently affected by the Log4j vulnerability.

Warner notes that there are available methods organizations can use to detect any existing Log4j vulnerabilities:

  • Run Windows PowerShell (PoSh) or cross-platform scripts designed to identify where Log4j is used within local environments
  • Look for any instance of “.*/java.exe” being used as the parent process for “cmd.exe” or “powershell.exe”
  • Ensure your organization is set up to detect the presence of Cobalt Strike, TrickBot, and related common attacker tools
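
The parent-process check from the list above can be run over exported process-creation events. The following is an added example, not code from Blumira or the original article; the field names (`Computer`, `ParentImage`, `Image`, `CommandLine`) are assumed to follow Sysmon-style process-creation records, and the sample events are constructed.

```python
import re

# The article's pattern: a path ending in java.exe as the parent process.
# Windows paths use backslashes, so either separator is accepted.
JAVA_PARENT = re.compile(r"(^|.*[\\/])java\.exe$", re.IGNORECASE)
SHELLS = {"cmd.exe", "powershell.exe"}

def image_name(path):
    """Lower-cased file name of a process image path, quotes stripped."""
    return re.split(r"[\\/]", path.strip().strip('"'))[-1].lower()

def java_spawned_shells(events):
    """Return (host, parent, child, command line) for java.exe -> shell launches."""
    hits = []
    for ev in events:
        parent = ev.get("ParentImage", "").strip().strip('"')
        child = ev.get("Image", "")
        if JAVA_PARENT.match(parent) and image_name(child) in SHELLS:
            hits.append((ev.get("Computer", "?"), parent, image_name(child),
                         ev.get("CommandLine", "")))
    return hits

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "app01", "ParentImage": r"C:\Program Files\Java\jre1.8.0\bin\java.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"Computer": "app01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"Computer": "app02", "ParentImage": r"D:\svc\jdk\bin\JAVA.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile"},
    {"Computer": "app02", "ParentImage": r"D:\svc\jdk\bin\java.exe",
     "Image": r"D:\svc\jdk\bin\java.exe", "CommandLine": "java -version"},
    {"Computer": "ws07", "ParentImage": r"C:\tools\notjava.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for hit in java_spawned_shells(SAMPLE_EVENTS):
        print(hit)
```

The match is anchored on the file name, so a parent such as `notjava.exe` is not flagged, and Java launching another Java process is ignored.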

Impacted organizations can update their instances of Log4j to Log4j 2.16 to mitigate the tool’s vulnerability. This includes any organization that may have applied the previous remediation, version 2.15, which was later found to include its own set of related vulnerabilities.
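
A cross-platform inventory script of the kind mentioned in the detection list can combine discovery with the 2.16 threshold given above. This is an added example, not one of the scripts Warner refers to; it assumes the library ships under its usual `log4j-core-<version>.jar` file name, looks one level inside `.jar`/`.war`/`.ear` archives, and uses a constructed sample tree in `demo()`.

```python
import os
import re
import tempfile
import zipfile

FIXED = (2, 16)  # minimum version named in the article
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$", re.IGNORECASE)
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(name):
    """Version tuple from a log4j-core jar name, or None if the name does not match."""
    m = JAR_RE.search(name)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def find_log4j(root):
    """Return sorted (location, version, needs_update) for each log4j-core jar found."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            names = [(path, fname)]
            if fname.lower().endswith(ARCHIVES):
                try:
                    # Bundled copies (e.g. WEB-INF/lib) appear as archive entries.
                    with zipfile.ZipFile(path) as zf:
                        names += [(path + "!" + n, n) for n in zf.namelist()]
                except (zipfile.BadZipFile, OSError):
                    pass  # unreadable archive: its own file name is still checked
            for location, name in names:
                version = parse_version(name)
                if version:
                    found.append((location, version, version < FIXED))
    return sorted(found)

def demo():
    """Scan a constructed sample tree built in a temp dir and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("log4j-core-2.15.0.jar", "log4j-core-2.16.0.jar"):
            zipfile.ZipFile(os.path.join(root, name), "w").close()
        with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", b"")
        return [(os.path.relpath(loc, root), ver, old)
                for loc, ver, old in find_log4j(root)]

if __name__ == "__main__":
    for location, version, needs_update in demo():
        print(location, ".".join(map(str, version)), "UPDATE" if needs_update else "ok")
```

Renamed or shaded copies of the library will not match the file-name pattern, so a clean result from this scan is not proof that Log4j is absent.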


