Cyber Security leaders from Canada, America, Australia, New Zealand, and the United Kingdom released a new informational Log4J advisory detailing mitigations and technical details to tackle known vulnerabilities in the Apache Log4j Software library.
The project is collaborated by the US Cybersecurity and Infrastructure Security Agency (CISA), FBI, and NSA, including Australia Cyber Security Centre (ACSC), and Canadian Centre for Cyber Security (CCCS). Other, world agencies like Computer Emergency Response Team New Zealand (CERT NZ), New Zealand National Cyber Secure Centre (NZ NCSC), and the United Kingdom’s National Cyber Security (NCSC-UK) also joined in the effort.
The agencies said they circulated the advisory in an attempt to mitigate “active, worldwide exploitation by numerous threat actors, including malicious cyber threat actors.” Several, malware and cybercriminal groups from Iran, Turkey, North Korea, and China have exploited the vulnerability.
“This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046). The information and code in this repository is provided “as is” and was assembled with the help of the open-source community and updated by CISA through collaboration with the broader cybersecurity community,” reads the description for the project.
Here is the list of features implemented in the log4j-scanner:
- WAF Bypass payloads
- Supports DNS callback for vulnerability discovery and validation.
- Fuzzing for JSON data parameters
- Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).
- Support for lists of URLs.
Government experts warn of efficient hackers who are actively scanning networks to potentially exploit the above-mentioned flaws in vulnerable systems.
We published an open-sourced log4j-scanner derived from scanners created by other members of the open-source community. This tool is intended to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities: https://t.co/af8uszW8K4
— Cybersecurity and Infrastructure Security Agency (@CISAgov) December 21, 2021
Jen Easterly, director of CISA, said Log4j vulnerabilities present a serious danger to sensitive organizations and government institutes worldwide.
“We implore all entities to take immediate action to implement the latest mitigation guidance to protect their networks,” Easterly said. “These vulnerabilities are the most severe that I’ve seen in my career, and it’s imperative that we work together to keep our networks safe.”
CISA also instructed Federal Civilian Executive Branch agencies to tack the severe Log4Shel vulnerability in the Log4j library by December 24th, 2021.
One of the leading VPN providers, ExpressVPN has also come up with a new feature, offering protection against Log4Shell that has wreaked havoc across the internet world.