Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Researchers Release ‘vaccine’ for Critical Log4Shell Vulnerability

Researchers Release ‘vaccine’ for Critical Log4Shell Vulnerability

Researchers from cybersecurity firm Cybereason has released a “vaccine” that can be used to remotely mitigate the critical ‘Log4Shell’ Apache Log4j code execution vulnerability running rampant through the Internet.

Apache Log4j is a Java-based logging platform that can be used to analyze web server access logs or application logs. The software is heavily used in the enterprise, eCommerce platforms, and games, such as Minecraft who rushed out a patched version earlier today.

Early this morning, researchers released a proof-of-concept exploit for a zero-day remote code execution vulnerability in Apache Log4j tracked as CVE-2021-44228and dubbed ‘Log4Shell.’ 

Also Read: How to Register Data Protection Officer (DPO) in ACRA Bizfile+

While Apache quickly released Log4j 2.15.0 to resolve the vulnerability, the vulnerability is trivial to exploit, and cybersecurity firms and researchers quickly saw attackers scan and attempt to compromise vulnerable devices.

As threat actors can exploit this vulnerability by simply changing their web browser’s user agent and visiting a vulnerable site or searching for that string on a site, it quickly became a nightmare for the enterprise and some of the most popular websites on the web.

Vaccine released for Log4Shell

Friday evening, cybersecurity firm Cybereason released a script, or “vaccine,” that exploits the vulnerability to turn off a setting in remote, vulnerable Log4Shell instance. Basically, the vaccine fixes the vulnerability by exploiting the vulnerable server.

This project is called ‘Logout4Shell’ and walks you through setting up a Java-based LDAP server and includes a Java payload that will disable the ‘trustURLCodebase’ setting in a remote Log4j server to mitigate the vulnerability.

“While the best mitigation against this vulnerability is to patch log4j to 2.15.0 and above, in Log4j version (>=2.10) this behavior can be mitigated by setting system property log4j2.formatMsgNoLookups to true or by removing the JndiLookup class from the classpath,” Cybereason explains on the Logout4Shell GitHub Page.

“Additionally, if the server has Java runtimes >= 8u121, then by default, the settings com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase are set to “false”, mitigating this risk.

Also Read: Cost of GDPR Compliance for Singapore Companies

This may sound like a helpful tool to quickly neutralize the vulnerability in an environment you manage. Still, there are obvious concerns that threat actors or grey hat hackers will co-opt it for illegal behavior.

It is common for threat actors to breach a device and patch vulnerabilities to block other hackers from taking over a compromised server.

There is also concern that security researchers may use the vulnerability to remotely fix servers, even though doing something like this is considered illegal.

However, this has not stopped grey hats from using exploits to take vulnerable devices offline. In the past, we saw the BrickerBot malware take vulnerable routers offline, and gray hates exploiting Internet-connected printers to issue warnings to take them offline.

When we asked Cybereason if they were concerned their Logout4Shell project could be abused, Cybereason CTO Yonatan Striem-Amit told BleepingComputer that they believe the benefits outweigh the potential for abuse in this situation.

While always a possibility, it’s an issue of a calculated risk. This vulnerability is so critical and already massively abused across the Internet, we felt compelled to offer something to help defenders across the globe buy precious time against these hackers.

From an impact perspective, it’s very similar to the Apache Struts vulnerability that was used to steal information from Equifax in May-July 2017.” – Yonatan Striem-Amit, CTO and Co-founder, Cybereason.

If you are interested in trying out Logout4Shell, you can visit the project’s GitHub page.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us