Warning Log4j hackers using Java bypass leaving ‘whole NEW pool of potential victims’ at risk of malware attacks

Warning Log4j hackers using Java bypass leaving ‘whole NEW pool of potential victims’ at risk of malware attacks

A WARNING has been issued for those who use the Log4J logging library that a spreading botnet could open up “a whole new pool of potential victims.”

The warning was issued by Cybersecurity blog MalwareTech and has led some users to begin panicking on Twitter.

Getty

A new warning has been issued about a spreading botnet[/caption]

“Just caught a botnet spreading using the Java trustURLCodebase=false mitigation bypass for log4j (CVE-2021-44228),” a tweet from Marcus Hutchins, who operates MalwareTech, says.

“This is the first internet wide scanner I’ve seen doing this and it opens up a whole new pool of potential victims.”

Commenters asked for a bit more clarity and Hutchins warned that his research into the potential new threat was in early stages.

“Is this ‘Infosec people made a mistake, but are getting it together’ bad or ‘people shouldn’t order anything online until this gets sorted out’ bad?” one user asked.

Hutchins replied, “Neither. Nobody made a mistake, and it’s not bad bad just not good either,” before noting that he would provide more information later.

Another commenter provided a bit more clarity about who and what programs may be affected by the threat.

Most read in Tech

LOG OFF


Thousands of Facebook users warned over ‘spies for hire’ that snoop on your account

TAP TIP


You’re using WhatsApp wrong – neat trick means you can always find important texts

X MARKS THE SPOT


New Xbox Elite console ‘revealed’ – and it looks BETTER than a PS5

SNAP HACK


How to screenshot on Snapchat without the other person being notified

XXX-TRA!


Pornhub’s ‘Year in Review’ reveals what XXX fans in US and UK love watching

CLOSED BOOK


You’re using Facebook Messenger wrong – texts are waiting in hidden inbox


“The issue affects software / services written in Java and use the Log4J logging library,” the wrote.

“If none of that makes sense, you probably aren’t directly affected, but services you use might be.”

A botnet, short for bot network, is a network of hijacked computers and/or devices that are infected with malware and controlled remotely by a hacker.

The botnet may be used to send spam or launch other attacks on infected computers.

Recently, Google warned users about a vulnerability reported on December 9 that could allow systems running Apache Log4j version 2.14.1 or below to be compromised.

Attackers are attempting to scan the internet for vulnerable Log4j with 100 attempts to exploit the vulnerability every minute, according to researchers at Check Point.

Cybersecurity researchers at Sophos said they detected hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability.

Getty

Google recently issued a warning about a Log4j vulnerability[/caption]

This content was originally published here.

Laat een reactie achter

Het e-mailadres wordt niet gepubliceerd.