More bad news for those of us who use the network every day, and above all for the many large companies whose business and services depend on it: a vulnerability as widespread as it is dangerous has come to light, and it affects many parts of the internet.
The vulnerability is known as Log4Shell and was discovered at the end of last week, when several Minecraft services and news sites detected malicious code circulating that exploited this zero-day vulnerability. It soon became clear that Minecraft was not the only target and that the vulnerability affects a large number of services.
As the images collected below show, tests were carried out against various cloud services, including some very well-known ones such as Apple and Cloudflare, by submitting parameters similar to those used in the attacks on Minecraft services. The servers' responses were then monitored through the dnslog.cn domain, which reveals whether the cloud service performs a DNS lookup during processing. That is exactly what the monitoring showed: a sign that the services were accepting connections from a machine controlled by those who carried out last week's attacks.
Normally, typing information into the boxes reserved for username and password should not allow any connection to external networks. That this protection fails is precisely due to the presence of the Log4Shell vulnerability.
Technically, the vulnerability lies in Log4j, a Java-based logging package developed by the Apache Software Foundation. This package is used in the vast majority of cloud services, which is why so many providers have their own data and their users' data at risk. The vulnerability is present in Log4j versions from 2.0-beta-9 through 2.14.1 and was fixed in version 2.15.0. The catch is that, to stay safe, every provider and supplier has to update Log4j to this latest version.
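An added example, not part of the original article, of a defender-side check built from the version range quoted above: it parses Log4j version strings (including pre-release builds such as 2.0-beta-9), decides whether a version falls inside the affected range, and scans a constructed list of jar paths for vulnerable log4j-core builds. The jar filename convention (log4j-core-<version>.jar) and the sample paths are assumptions made for the example.

```python
import re

# Range stated in the article: 2.0-beta-9 through 2.14.1 affected, 2.15.0 fixed.
FIRST_VULNERABLE = "2.0-beta-9"
FIRST_FIXED = "2.15.0"

# Accepts "2.14.1", "2.0", "2.0-beta-9" and Maven-style "2.0-beta9" / "2.0-rc1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)-?(\d+))?$")

def parse_version(text):
    """Turn a Log4j version string into a comparable tuple.
    Pre-release builds sort before the final release of the same number:
    rank 0=alpha, 1=beta, 2=rc, 3=final release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {text!r}")
    major, minor, patch, tag, pre = m.groups()
    rank = {"alpha": 0, "beta": 1, "rc": 2}.get(tag, 3)
    return (int(major), int(minor), int(patch or 0), rank, int(pre or 0))

def is_vulnerable(version):
    """True if version is in [2.0-beta-9, 2.15.0), the range the article gives."""
    v = parse_version(version)
    return parse_version(FIRST_VULNERABLE) <= v < parse_version(FIRST_FIXED)

# Assumed naming convention for the Log4j 2 core artifact on disk; the
# -sources / -javadoc companions are deliberately not matched.
_JAR_RE = re.compile(
    r"log4j-core-(\d+\.\d+(?:\.\d+)?(?:-(?:alpha|beta|rc)-?\d+)?)\.jar$")

def scan_jar_paths(paths):
    """Return {path: version} for every log4j-core jar in the affected range."""
    findings = {}
    for path in paths:
        m = _JAR_RE.search(path)
        if m and is_vulnerable(m.group(1)):
            findings[path] = m.group(1)
    return findings

# Constructed sample paths standing in for a filesystem walk of a host.
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",          # affected
    "/opt/app/lib/log4j-api-2.14.1.jar",           # api jar, not the core
    "/srv/legacy/lib/log4j-core-2.0-beta9.jar",    # first affected build
    "/srv/patched/lib/log4j-core-2.15.0.jar",      # fixed release
    "/srv/old/lib/log4j-1.2.17.jar",               # Log4j 1.x, different artifact
    "/srv/src/log4j-core-2.14.1-sources.jar",      # sources jar, not deployed code
]

if __name__ == "__main__":
    for path, version in scan_jar_paths(SAMPLE_PATHS).items():
        print(f"UPGRADE to {FIRST_FIXED}: {path} (log4j-core {version})")
```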
The consequences of exploiting this vulnerability are potentially catastrophic for users' personal information and for the servers of large companies that are exposed. As explained by Thomas Reed, director of Mac & Mobile at Malwarebytes, the theft of Apple users' personal data may already have taken place or may currently be in progress. The same is true of Apple's own proprietary data stored in its infrastructure.
Clearly the problem does not concern only Apple and Minecraft, but every service that relies on Log4j. These include Amazon, Steam, Tesla, Twitter, Baidu and Cloudflare. The last of these has announced that it has enabled additional security protections by default for all its users, including those without a paid plan. Minecraft has also reported applying fixes. How effective and robust those fixes are remains to be seen; we will update this piece as soon as further news emerges.
Mass scanning activity detected from multiple hosts checking for servers using Apache Log4j (Java logging library) vulnerable to remote code execution (https://t.co/GgksMUlf94).
Query our API for "tags=CVE-2021-44228" for source IP addresses and other IOCs. #threatintel
— Bad Packets (@bad_packets) December 10, 2021