New zero-day exploit for Log4j Java library is an enterprise nightmare
ALPHV BlackCat – This year’s most sophisticated ransomware
Volvo Cars discloses security breach leading to R&D data theft
Massive attack against 1.6 million WordPress sites underway
Microsoft: These are the building blocks of QBot malware attacks
Amazon explains the cause behind Tuesday’s massive AWS outage
Want to become a networking expert? Try this $69 Cisco course bundle
Researchers release ‘vaccine’ for critical Log4Shell vulnerability
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Researchers from cybersecurity firm Cybereason has released a “vaccine” that can be used to remotely mitigate the critical ‘Log4Shell’ Apache Log4j code execution vulnerability running rampant through the Internet.
Apache Log4j is a Java-based logging platform that can be used to analyze web server access logs or application logs. The software is heavily used in the enterprise, eCommerce platforms, and games, such as Minecraft who rushed out a patched version earlier today.
Early this morning, researchers released a proof-of-concept exploit for a zero-day remote code execution vulnerability in Apache Log4j tracked as CVE-2021-44228 and dubbed ‘Log4Shell.’ 
While Apache quickly released Log4j 2.15.0 to resolve the vulnerability, the vulnerability is trivial to exploit, and cybersecurity firms and researchers quickly saw attackers scan and attempt to compromise vulnerable devices.
As threat actors can exploit this vulnerability by simply changing their web browser’s user agent and visiting a vulnerable site or searching for that string on a site, it quickly became a nightmare for the enterprise and some of the most popular websites on the web.
Friday evening, cybersecurity firm Cybereason released a script, or “vaccine,” that exploits the vulnerability to turn off a setting in remote, vulnerable Log4Shell instance. Basically, the vaccine fixes the vulnerability by exploiting the vulnerable server.
This project is called ‘Logout4Shell’ and walks you through setting up a Java-based LDAP server and includes a Java payload that will disable the ‘trustURLCodebase’ setting in a remote Log4j server to mitigate the vulnerability.
“While the best mitigation against this vulnerability is to patch log4j to 2.15.0 and above, in Log4j version (>=2.10) this behavior can be mitigated by setting system property log4j2.formatMsgNoLookups to true or by removing the JndiLookup class from the classpath,” Cybereason explains on the Logout4Shell GitHub Page.
“Additionally, if the server has Java runtimes >= 8u121, then by default, the settings com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase are set to “false”, mitigating this risk.
This may sound like a helpful tool to quickly neutralize the vulnerability in an environment you manage. Still, there are obvious concerns that threat actors or grey hat hackers will co-opt it for illegal behavior.
It is common for threat actors to breach a device and patch vulnerabilities to block other hackers from taking over a compromised server.
There is also concern that security researchers may use the vulnerability to remotely fix servers, even though doing something like this is considered illegal.
However, this has not stopped grey hats from using exploits to take vulnerable devices offline. In the past, we saw the BrickerBot malware take vulnerable routers offline, and gray hates exploiting Internet-connected printers to issue warnings to take them offline.
When we asked Cybereason if they were concerned their Logout4Shell project could be abused, Cybereason CTO Yonatan Striem-Amit told BleepingComputer that they believe the benefits outweigh the potential for abuse in this situation.
While always a possibility, it’s an issue of a calculated risk. This vulnerability is so critical and already massively abused across the Internet, we felt compelled to offer something to help defenders across the globe buy precious time against these hackers.
From an impact perspective, it’s very similar to the Apache Struts vulnerability that was used to steal information from Equifax in May-July 2017.” – Yonatan Striem-Amit, CTO and Co-founder, Cybereason.
If you are interested in trying out Logout4Shell, you can visit the project’s GitHub page.
New zero-day exploit for Log4j Java library is an enterprise nightmare
Minecraft rushes out patch for critical Log4j vulnerability
New Cerber ransomware targets Confluence and GitLab servers
Microsoft shares temp fix for ongoing Office 365 zero-day attacks
Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug
Not a member yet? Register Now
New zero-day exploit for Log4j Java library is an enterprise nightmare
Malicious Notepad++ installers push StrongPity malware
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Lockean multi-ransomware affiliates linked to attacks on French orgs

Ukraine links members of Gamaredon hacker group to Russian FSBSamsung Galaxy S21…

Utah medical center hit by data breach affecting 582k patients

US indicts Iranian hackers for Proud Boys voter intimidation emailsWinamp prepares a…

Hackers infect random WordPress plugins to steal credit cards

Emotet now drops Cobalt Strike, fast forwards ransomware attacksSonicWall ‘strongly urges’ customers…

Hundreds of SPAR stores shut down, switch to cash after cyberattack

Microsoft offers 50% subscription discounts to Office piratesRussian hacking group uses new…