Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

ACSC, Defence issue warnings over Apache Log4j

The cyber security watchdog and the Assistant Minister for Defence Andrew Hastie have issued warnings over the Apache Log4j vulnerability, with the Assistant Minister noting that the vulnerability is currently being exploited in Australia.

user icon
Wed, 15 Dec 2021
ACSC, Defence issue warnings over Apache Log4j
expand image

On the 10th of December, the Australian Cyber Security Centre issued a critical warning for vulnerabilities within the Apache Log4j2 library, which when exploited would enable the threat actor to execute arbitrary code.

According to a LunaSec blog post, the vulnerability was determined to have been a zero-day exploit in the log4j which enables threat actors to attack an array of services including Steam, Apple iCloud and even Minecraft.

It is believed that state-sponsored hacking groups have already begun exploiting the loophole, including Iranian backed Nemesis Kitten.

============
============

The exploit was allegedly Tweeted and posted onto GitHub.

“Proof-of-concept code to exploit this vulnerability is publicly available on GitHub, and additional technical specifications have been published by Red Hat,” a release from the ACSC read.

“Due to the popularity and widespread use of the Log4j2 library in popular frameworks a large number of third-party apps may also be vulnerable to exploitation.”

Assistant Minister for Defence Andrew Hastie urged Australians to stay secure online.

“Now is not the time for Australian individuals or businesses to be complacent about their cyber security,” Assistant Minister Hastie said.

“The flaw in the widely used Apache software library known as Log4j allows unauthorised users to quickly gain access to a computer system through the internet. The Log4j software library is found in a vast array of software and used by both individuals and businesses.

“The ACSC has since last week issued successive alerts and is working with organisations using the Log4j software library to ensure they patch vulnerable systems. But we know that malicious online actors are scanning networks in attempts to locate vulnerable servers, so it’s critical that Australian organisations act, and act fast.

“You wouldn’t leave the doors to your home or business unlocked when you go away this Christmas – and you shouldn’t do the same for your cyber security. We know about this vulnerability and cybercriminals do too, so it is vital that Australian users of Apache Log4j software patch their systems urgently to stay secure.”

[Related: Microsoft seized 42 websites from Chinese hacking group]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.