NEW INTERNET PROBLEM FOUND CVE-2021-44228

The flaw may be the worst computer vulnerability discovered in years. It was uncovered in a utility that’s ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.

Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole. More like every spy agency is trying to take advantage.

This issue is called Log4Shell (CVE-2021-44228), and it is now being reported in the wild. It affects anyone using log4j to perform logging, and anyone using software that uses log4j, which covers a large population of the enterprise Java software currently available. The Belgium Minister of Defence has reported an incursion due to CVE-2021-44228.

The flaw’s exploitation was apparently first discovered in Minecraft, an online game hugely popular with kids and owned by Microsoft. In the case of Minecraft, attackers were able to get remote code execution on Minecraft servers by simply pasting a short message into the chat box.

The Alibaba Cloud security team has verified that Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc. are all affected.

The impact is comparable to previous Struts vulnerabilities, like the one that impacted Equifax, because the attacks can be done remotely and anonymously, without login credentials, and lead to a remote exploit.

New Zealand’s computer emergency response team was among the first to report that the flaw was being “actively exploited in the wild” just hours after it was publicly reported Thursday and a patch released.

Researchers reported finding evidence the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter and Cloudflare. Apache is rating the internet vulnerability at 10 out of 10.

Debian is having problems with a current version of Firefox that leaves users with a dangerously outdated browser. One of the grey-bearded elders of the Linux distro world, Debian has had issues with Mozilla before. For years, it built its own forks of the Mozilla apps – Iceweasel, Icedove, Iceape, and Iceowl – because of a disagreement over trademark use. But this time the issues are technical rather than legal. Debian releases get updates for five years, but Mozilla puts out a new Firefox ESR annually, so this will be a nuisance for years to come. One way round this that works on both Debian and Ubuntu is to use UbuntuZilla. This long-running third-party project packages the latest Mozilla builds of Firefox, Firefox-ESR, Thunderbird, and Seamonkey for Debian-derived distros.