Cyber
Log4j Chatter: What Threat Actors Are Sharing About the Log4Shell Vulnerability
2021-12-18
For all you computer mavens. Please explain in simple language what the rest of us need to know.
[FlashpointIntel] Now a week since the Apache Log4j disclosure, organizations are feverishly attempting to identify and patch all potential vulnerabilities to their systems and infrastructure. In the meantime, threat actors across various illicit communities are actively discussing ways to exploit and further monetize this vulnerability.

Below, we break down the most significant chatter amongst threat actor groups, with a particular focus on deep and dark web forums XSS, Raid, and RAMP.
Posted by: newc

#5  It is used in a lot of Java-based business applications I'm afraid. Even if it is not used directly, a library which your app uses might use it. The Minecraft server is just one example - and it is just a game.
For example a widely used application server, Karaf, uses it. A 'patched' version is due out in the next day or two. In the meantime a lot of businesses had to go and explicitly disable the 'feature'.
There is also a lot of scanning and looking for the exploit going on on the internet according to those who monitor such things.

Code these days is built much like a house of cards and if one of the cards gets wet and folds.
Posted by: CrazyFool   2021-12-18 22:34  
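
Comment #5's point that an application can carry log4j through a library it bundles, shown as an added example that is not part of the original thread: a scanner that opens Java archives recursively and reports every nested archive containing log4j-core's `JndiLookup` class. The archive names (`app.war`, `reporting-lib.jar`, `clean-lib.jar`) and their contents are constructed sample data.

```python
import io
import zipfile

# Class in log4j-core that implements the JNDI lookup feature.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def find_jndi_lookup(data, label, max_depth=5):
    """Return the archive paths (outer!inner!...) that contain JndiLookup.class."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive; skip rather than abort the scan
    with archive:
        for name in archive.namelist():
            if name == JNDI_CLASS:
                hits.append(label)
            elif name.lower().endswith(ARCHIVE_SUFFIXES) and max_depth > 0:
                # Bundled library: open it and keep looking inside.
                nested = archive.read(name)
                hits += find_jndi_lookup(nested, f"{label}!{name}", max_depth - 1)
    return hits


def build_jar(entries):
    """Build an in-memory archive from {name: bytes} for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: the application never ships log4j at its top level,
# but one of the libraries bundled inside it carries log4j-core.
log4j_core = build_jar({JNDI_CLASS: b"\xca\xfe\xba\xbe"})
clean_lib = build_jar({"com/example/Util.class": b"\xca\xfe\xba\xbe"})
reporting_lib = build_jar({"lib/log4j-core.jar": log4j_core})
app_war = build_jar({
    "WEB-INF/lib/clean-lib.jar": clean_lib,
    "WEB-INF/lib/reporting-lib.jar": reporting_lib,
})

if __name__ == "__main__":
    for hit in find_jndi_lookup(app_war, "app.war"):
        print("JndiLookup.class found in:", hit)
```

To scan a real file, pass its bytes and path, for example `find_jndi_lookup(open(path, "rb").read(), path)`.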

#4  Apache is used in too many places.
I looked in my Linux apps... lots of Apache code re-used for who the hell knows what.
Posted by: 3dc   2021-12-18 20:03  

#3  That does help, Rob. Thank you for explaining, and also for being part of the crew keeping the internet safe for us end-users.
Posted by: trailing wife   2021-12-18 19:12  

#2  Basically: a widely used bit of shared code has a feature that makes it easy to open access to the computer running it. That feature, for some reason, was enabled for everyone rather than requiring the few people who wanted it to enable it for themselves.

In the last week and a half, most of the software using that shared code -- and a lot that doesn't -- has been updated so that feature is disabled. I've personally burnt half the week on it, despite none of the projects I'm responsible for using the vulnerable code.

The only consumer application I'm aware of that uses the code is Java Minecraft, and updates for it and its various utilities went out the first night after the vulnerability was announced.
Posted by: Rob Crawford   2021-12-18 05:08  

#1  1. Why is the IT staff lazy?
2. Why doesn't GitHub sieve their own content?
3. Why is there no AI monitoring forums?
4. Ad for Flashpoint.
Posted by: Skidmark   2021-12-18 01:03  
