Sophos Alerts Businesses As Intelligence Shows Cyberattackers Are Exploiting Apache Log4Shell Vulnerability To Exploit Unpatched Systems
Following the reporting of the Apache Log4Shell vulnerability, Sophos has provided new threat intelligence on how cyberattackers are already exploiting or attempting to exploit unpatched systems.
The threat intelligence, as detailed in the SophosLabs Uncut report Log4Shell Hell: Anatomy of an Exploit Outbreak, shows that Sophos is seeing a rapid uptick in attacks exploiting or attempting to exploit this vulnerability, with hundreds of thousands of attempts detected so far.
The report also indicated that cryptomining botnets are among the earliest “attack” adopters; these botnets focus on Linux server platforms, which are particularly exposed to this vulnerability.
Sophos has also seen attempts to extract information from services, including Amazon Web Services keys and other private data.
The company said it observed that attempts to exploit network services start by probing for different types.
Around 90 percent of the probes Sophos detected were focused on the Lightweight Directory Access Protocol (LDAP). A smaller number of probes targeted Java’s Remote Interface (RMI), but Sophos researchers noted that there seems to be a larger variety of unique RMI-related attempts.
Sophos said it expects adversaries to intensify and diversify their attack methods and motivations in the coming days and weeks, including the possibility of leveraging the vulnerability for ransomware.
According to Sean Gallagher, senior threat researcher at Sophos, in the SophosLabs Uncut report issued on Dec. 9, Sophos has detected hundreds of thousands of attempts to remotely execute code using the Log4Shell vulnerability.
“Initially, these were Proof-of-Concept (PoC) exploit tests by security researchers and potential attackers, among others, as well as many online scans for the vulnerability. This was quickly followed by attempts to install coin miners, including the Kinsing miner botnet.
The most recent intelligence suggests attackers are trying to exploit the vulnerability to expose the keys used by Amazon Web Service accounts. There are also signs of attackers trying to exploit the vulnerability to install remote access tools in victim networks, possibly Cobalt Strike, a key tool in many ransomware attacks.
“The Log4Shell vulnerability presents a different kind of challenge for defenders. Many software vulnerabilities are limited to a specific product or platform, such as the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange. Once defenders know what software is vulnerable, they can check for and patch it.
However, Log4Shell is a library that is used by many products. It can therefore be present in the darkest corners of an organization’s infrastructure, for example any software developed in-house. Finding all systems that are vulnerable because of Log4Shell should be a priority for IT security.
“Sophos expects the speed with which attackers are harnessing and using the vulnerability will only intensify and diversify over the coming days and weeks. Once an attacker has secured access to a network, then any infection can follow.
Therefore, alongside the software update already released by Apache in Log4j 2.15.0, IT security teams need to do a thorough review of activity on the network to spot and remove any traces of intruders, even if it just looks like nuisance commodity malware,” Gallagher added.
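Gallagher's point about finding every affected system, including in-house software, can be turned into an inventory check. The following is an added example, not code from Sophos or the article: it flags Java archives, including jars nested inside fat jars, that contain log4j-core's `JndiLookup` class, and compares the bundled Maven version against the 2.15.0 release named above. The function names and the `review`/`updated` labels are assumptions of this example, and the sample archives are constructed.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)  # the release the article names as the update
ARCHIVES = (".jar", ".war", ".ear")

def log4j_version(zf):
    """Version tuple from log4j-core's Maven metadata, or None if absent."""
    if POM_PROPS not in zf.namelist():
        return None
    text = zf.read(POM_PROPS).decode("utf-8", "replace")
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label, depth=0):
    """Findings for one archive, descending into nested archives (fat jars)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    with zf:
        names = zf.namelist()
        if JNDI_CLASS in names:
            ver = log4j_version(zf)
            # No readable version means "review", never "updated".
            status = "updated" if ver and ver >= FIXED else "review"
            findings.append((label, ver, status))
        for n in names:
            if depth < 4 and n.lower().endswith(ARCHIVES):
                findings += scan_archive(zf.read(n), f"{label}!{n}", depth + 1)
    return findings

def sample_jar(version=None, nested=None):
    """Constructed sample archive, optionally carrying log4j-core markers."""
    files = dict(nested or {})
    if version:
        files.update({JNDI_CLASS: b"", POM_PROPS: f"version={version}\n"})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, blob in files.items():
            z.writestr(name, blob)
    return buf.getvalue()
```

To sweep a host, pass each `.jar`, `.war` or `.ear` file's bytes and path to `scan_archive`; shaded jars that relocate the package will not match and need a separate check.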
New and additional information on how Log4Shell works is also available in the Sophos Naked Security article, Log4Shell Explained – How it Works, Why You Need to Know, and How to Fix It, by Paul Ducklin.
According to Paul Ducklin, principal research scientist at Sophos:
“Technologies including IPS, WAF and intelligent network filtering are all helping to bring this global vulnerability under control.
But the staggering number of different ways that the Log4Shell ‘trigger text’ can be encoded, the huge number of different places in your network traffic that these strings can appear, and the wide variety of servers and services that could be affected are collectively conspiring against all of us.
The very best response is perfectly clear: patch or mitigate your own systems right now. Our article provides practical advice that explains how the vulnerability works, why it works, what it can do, and how to fix it.”
Samsung Electronics has officially unveiled the latest addition to the popular Galaxy A series smartphones – the Samsung Galaxy A06.
Joining a fan favorite series and combining powerful performance with a sleek design, the Galaxy A06 offers customers and loyal A series fans unique features and premium experience at an affordable price.
The stylish Galaxy A06 is set to redefine what users expect from entry-level smartphones, offering cutting-edge technology without compromise.
Aptly tagged “Galaxy Wey Sabi”, the Galaxy A06 stands out in the competitive category as it aims to resolve the customers’ needs in a smartphone with a focus on durability, functionality, security, camera, and entertainment.
Users can enjoy capturing high-resolution photos with the 50MP rear camera, now equipped with Nightography for capturing the essence of every detail especially in low-light conditions. The 8MP front and 2MP (depth) cameras also provide crystal-clear selfies with advanced beautification features.
Sporting a slimmer design and comfortable grip, as well as a side fingerprint scanner, the new Galaxy A06 features a stunning 6.7” HD+ display, providing vivid colors and crisp clarity for an immersive viewing experience that delivers seamless visuals on the infinity-U display with enhanced brightness, especially for outdoor visibility.
Galaxy A06 – Galaxy Wey Sabi is truly a device that understands your needs. Equipped with a 5000mAh long-lasting battery, it lets you enjoy more device usage without worrying about battery life. The 25W Super-Fast Charging feature ensures up to 50% battery charge in just 30 minutes, meaning you are back in action quickly.
“The Samsung assurance is a promise, a trustworthy reliability in our Knox Security on this device, which protects your personal information by isolating your passwords and other private data within a secure environment,” said Stephen Okwara, Head Product Management, Samsung Electronics West Africa. “What’s also awesome about this is our promise of continuous OS upgrades and up to 4 years security update on this device. Isn’t that impressive from a brand that understands the needs of its customers?”
Also speaking at the Galaxy A06 launch event in Lagos, Oge Maduagwu, Head of Marketing, Samsung Electronics West Africa, said: “We are excited to introduce the Galaxy A06, which brings together powerful performance, an advanced camera, and long-lasting battery life, all in a stylish and affordable package.” She added: “Also, customers can enjoy premium support for their device with a screen damage insurance cover of just N9000.”
Available in four stunning colors – Black, Blue Green, Lime and Silver – the Samsung Galaxy A06 will be available in Nigeria at all authorized Samsung Stores from 11th October 2024, with pricing starting at N146,000.
Anambra School Emerges Winner In National Girls In ICT Competition With Groundbreaking VR Technology
St. John Vianney Science College, Igbariam, used their virtual reality project to conquer the National Girls in ICT Competition 2024, claiming the national championship title yesterday!
The National Girls in ICT Competition, organized by the Federal Ministry of Communication, Innovation and Digital Economy, is a technology innovation competition for all girls in secondary schools across Nigeria.
Their innovative project, M-Tag VR, allows users to explore iconic landmarks like Zuma Rock and learn about fascinating cultural aspects of Nigerian tribes. The girls, Immaculate Ebube Ikegwuonu, Camilla Anyadike, and Nweke-Nonso Oluchi, mentored by their coach, John Onuigbo, triumphed over teams from all 36 states.
The girls’ talent shone brightly throughout the competition. They started at the state level where they aced the Anambra state competition, then proceeded to conquer the Southeastern regional championship, defeating teams from Ebonyi, Imo, Abia, and Enugu, to make it to the national finals.
Rivers and Lagos states secured the second and third-place positions, respectively.
Google To Delete Billions Of Browser Records To Settle ‘Incognito’ Lawsuit
CNN reported that Google will delete billions of data records as part of a settlement for a lawsuit that accused the tech giant of improperly tracking the web-browsing habits of users who thought they were browsing the internet privately.
The suit was originally filed in 2020 and accused Google of misrepresenting the kind of data it collects from users who browsed the internet via “Incognito” private browsing mode in Chrome. Google agreed to settle the suit late last year, but the terms of the settlement were first disclosed in a filing on Monday.
As part of the settlement, Google must delete “billions of data records” that reflect the private browsing activities of users in the class action suit, according to court documents filed Monday in San Francisco federal court.
Google will also update its disclosure to inform users about what data it collects each time a user initiates a private browsing session. Google has already started implementing these changes.
For the next five years, Google will also let private browsing users block third-party cookies as part of the settlement. Google also will no longer track people’s choices to browse the internet privately.