Urgent Google Cloud warning about Apache Log4j vulnerability – here's how to protect yourself from hackers NOW

GOOGLE is warning users to enable Cloud Console as hackers can exploit Apache vulnerability.

Apache Log4j 2 utility is an open-source Apache framework that is used for logging requests. 

A vulnerability was reported on December 9 that could allow systems running Apache Log4j version 2.14.1 or below to be compromised.

Attackers are attempting to scan the internet for vulnerable Log4j with other 100 attempts to exploit the vulnerability every minute, according to researchers at Check Point.

Cybersecurity researchers at Sophos said they detected hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability.

This is a common tactic by hackers to exploit newly disclosed vulnerabilities to have the best chance of taking advantage of them before they’re fixed.

Google stated that they will continue to “actively monitor this event and will provide updates to this blog post.”

“Like many other companies, we’re following this vulnerability closely. Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers," said a Google spokesperson.

"Google Cloud is tracking real-time updates here and will be updating this security advisory as we assess impact

"We have successfully validated and pushed a new preconfigured WAF rule in Cloud Armor to production that will help customers detect and block attempted exploits of CVE-2021-44228 on their network."

Most read in Tech


Stunning image shows 'ghostly one-winged butterfly' 520 light-years from Earth


Alexa’s yellow notification ring can RUIN your Christmas – how to turn it off


Apple to scan iPhone messages for NUDITY in crackdown on child sex abuse


Warning to Windows users after security hole is found leaving computers vulnerable

“I cannot overstate the seriousness of this threat. On the face of it, this is aimed at cryptominers but we believe this creates just the sort of background noise that serious actors will try to exploit,” said Lotem Finkelstein, director of threat intelligence at Check Point.

Google recommends that customers upgrade to version v2.15.0 of Log4j as soon as possible. If the upgrade can’t happen quickly, customers can mitigate the issue by setting the “No Lookups property (log4j2.formatMsgNoLookups)” to true.

In addition to updating, Google Cloud Security products can help detect and solve the exploitation problems temporarily until a patch is made.

It’s also recommended that users have a vulnerability scanner to identify issues reported by the National Vulnerability Database.

For more defense until a patch is applied, Cloud Armor can also help mitigate threats. Cloud Armor can be enabled through Cloud Console then Network Security, or via API.

We pay for your stories!

Do you have a story for The US Sun team?

Email us at exclusive@the-sun.com or call 212 416 4552.

like us on Facebook at www.facebook.com/TheSunUS and follow us from our main Twitter account at @TheSunUS

    Source: Read Full Article