Log4j
zeynepaydogan
zeynepaydogan at protonmail.com
Mon Dec 13 02:59:45 PST 2021
Temporary fix: JAVA_OPTS = "- Dlog4j.formatMsgNoLookups = true"
Here are examples of what's vulnerable (From Cloudflare and Apple to minecraft servers).
Açık Pzt, Ara 13, 2021 13:54, zeynepaydogan <zeynepaydogan at protonmail.com> yazdı:
> Kinsing backdoor happily addressed the vulnerability: The malware cleans the device from competitors and starts mining. Other miner loaders also appear. They even throw a grumbling Cobalt Strike at victims via log4j. A good set of tools for pentest, because of the crack it turns into a very real observer of the network and a backdoor for reloading any code.
>
> Açık Pzt, Ara 13, 2021 12:38, zeynepaydogan <zeynepaydogan at protonmail.com> yazdı:
>
>> Malware using LOG4J exploit:)
>>
>> Açık Pzt, Ara 13, 2021 12:11, zeynepaydogan <zeynepaydogan at protonmail.com> yazdı:
>>
>>> Password: infected
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1702 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20211213/76972390/attachment.txt>
More information about the cypherpunks
mailing list