Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
222329 ARSTECHNICA 2021-12-14:
Hackers launch over 840,000 attacks through Log4J flaw
1.000 Find similar Compare side-by-side
222191 ZDNET 2021-12-14:
Log4j flaw: Nearly half of corporate networks have been targeted by attackers trying to use this vulnerability
0.984 0.568 Find similar Compare side-by-side
222448 ZDNET 2021-12-13:
Log4j update: Experts say log4shell exploits will persist for 'months if not years'
0.848 0.552 Find similar Compare side-by-side
222501 TECHREPUBLIC 2021-12-15:
Log4j: How to protect yourself from this security vulnerability
0.929 0.548 Find similar Compare side-by-side
222204 ZDNET 2021-12-13:
Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability
0.882 0.545 Find similar Compare side-by-side
222451 ZDNET 2021-12-14:
US warns Log4j flaw puts hundreds of millions of devices at risk
0.977 0.543 Find similar Compare side-by-side
222285 ZDNET 2021-12-15:
Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft
0.925 0.537 Find similar Compare side-by-side
222589 VENTUREBEAT 2021-12-16:
With Log4j vulnerability, the full impact has yet to come
0.295 0.533 Find similar Compare side-by-side
222854 ZDNET 2021-12-17:
CISA: Federal agencies must immediately mitigate Log4J vulnerabilities
0.518 Find similar Compare side-by-side
222849 ZDNET 2021-12-17:
Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China
0.515 Find similar Compare side-by-side
222346 ZDNET 2021-12-14:
Log4j flaw could be a problem for industrial networks 'for years to come'
0.894 0.513 Find similar Compare side-by-side
222322 ZDNET 2021-12-14:
Second Log4j vulnerability discovered, patch already released
0.860 0.512 Find similar Compare side-by-side
222384 TECHREPUBLIC 2021-12-13:
Critical Log4Shell security flaw lets hackers compromise vulnerable servers
0.290 0.510 Find similar Compare side-by-side
222223 VENTUREBEAT 2021-12-13:
Log4j exploits suggest attackers gearing up for ransomware
0.811 0.508 Find similar Compare side-by-side
222652 ZDNET 2021-12-15:
Cybersecurity experts debate concern over potential Log4j worm
0.558 0.500 Find similar Compare side-by-side
222477 ZDNET 2021-12-16:
Log4j flaw: This new threat is going to affect cybersecurity for a long time
0.343 0.500 Find similar Compare side-by-side
222469 ZDNET 2021-12-14:
CISA orders federal civilian agencies to patch Log4j vulnerability and 12 others by December 24
0.779 0.491 Find similar Compare side-by-side
222347 ZDNET 2021-12-14:
Log4j zero-day flaw: What you need to know and how to protect yourself
0.931 0.491 Find similar Compare side-by-side
222327 VENTUREBEAT 2021-12-14:
Log4j exploits attempted on 44% of corporate networks; ransomware payloads spotted
0.918 0.484 Find similar Compare side-by-side
222415 VENTUREBEAT 2021-12-15:
Microsoft: Ransomware ‘access brokers’ now exploiting Log4j vulnerability
0.481 Find similar Compare side-by-side
222370 VENTUREBEAT 2021-12-10:
The Log4j vulnerability is bad. Here’s the good news
0.477 Find similar Compare side-by-side
222515 VENTUREBEAT 2021-12-15:
Microsoft confirms new ransomware family deployed via Log4j vulnerability
0.474 Find similar Compare side-by-side
222392 VENTUREBEAT 2021-12-12:
Microsoft: Log4j exploits extend past crypto mining to outright theft
0.552 0.474 Find similar Compare side-by-side
222466 ZDNET 2021-12-14:
Khonsari ransomware, Nemesis Kitten are exploiting Log4j vulnerability
0.706 0.471 Find similar Compare side-by-side
222412 ZDNET 2021-12-13:
Log4j RCE activity began on December 1 as botnets start using vulnerability
0.561 0.465 Find similar Compare side-by-side

1

ID: 222329

URL: https://arstechnica.com/information-technology/2021/12/hackers-launch-over-840000-attacks-through-log4j-flaw/

Date: 2021-12-14

Hackers launch over 840,000 attacks through Log4J flaw

Researchers claim Chinese government groups are among the perpetrators. Cyber security group Check Point said the attacks relating to the vulnerability had accelerated in the 72 hours since Friday, and that at some points its researchers were seeing more than 100 attacks a minute. Perpetrators include Chinese government attackers, according to Charles Carmakal, chief technology officer of cyber company Mandiant. The flaw in Log4J allows attackers to easily gain remote control over computers running apps in Java, a popular programming language. Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), told industry executives that the vulnerability was one of the most serious Ive seen in my entire career, if not the most serious, according to US media reports. Hundreds of millions of devices are likely to be affected, she said. Check Point said that in many cases, the hackers were taking control of computers to use them to mine cryptocurrency, or to become part of botnets, vast networks of computers that can be used to overwhelm websites with traffic, to send spam, or for other illegal purposes. Both CISA and the UKs National Cyber Security Centre have now issued alerts urging organizations to make upgrades related to the Log4J vulnerability, as experts attempt to assess the fallout. Amazon, Apple, IBM, Microsoft, and Cisco are among those that have rushed to put out fixes, but no severe breaches have been reported publicly so far. Mandiants Carmakal said that Chinese state-backed actors were also attempting to exploit the Log4J bug but declined to share further details. Researchers at SentinelOne have also told media that they have observed Chinese hackers taking advantage of the vulnerability. According to Check Point, nearly half of all attacks have been conducted by known cyber attackers. These included groups using Tsunami and Mirai—malware that turns devices into botnets, or networks used to launch remotely controlled hacks such as denial of service attacks. It also included groups using XMRig, a software that mines the hard-to-trace digital currency Monero. With this vulnerability, attackers gain almost unlimited power— they can extract sensitive data, upload files to the server, delete data, install ransomware or pivot to other servers, Nicholas Sciberras, head of engineering at vulnerability scanner Acunetix, said. It was astonishingly easy to deploy an attack, he said, adding that it would be exploited for months to come. The source of the vulnerability is faulty code developed by unpaid volunteers at the non-profit Apache Software Foundation, which runs multiple open source projects, raising questions about the security of vital parts of IT infrastructure. Log4J has been downloaded millions of times. The flaw has existed unnoticed since 2013, experts say. Matthew Prince, chief executive of cyber group Cloudflare, said it started to be actively exploited from December 1, although there was no evidence of mass exploitation until after public disclosure from Apache the following week. © 2021 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.