CISA and CrowdStrike release Log4j scanners

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046.

CISA said it modified a Log4j scanner created by security company FullHunt, with the help of other researchers like Philipp Klaus, Andrei Fokau, and Moritz Bechler.

This Log4j scanner provided by CISA implements the following features:

  • Support for lists of URLs
  • Support for DNS callback for vulnerability discovery and validation
  • Fuzzing for more than 60 HTTP request headers
  • Fuzzing for HTTP POST Data parameters
  • Fuzzing for JSON data parameters
  • WAF Bypass payloads

Similarly, US cybersecurity company CrowdStrike released its own free Log4j scanner called the CrowdStrike Archive Scan Tool, or “CAST”.

Read more about it here.

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a “severe risk” warning for an Apache software vulnerability, tracked as CVE-2021-44228, which affects the Java logging package Log4j. CVE-2021-44228 allows unauthenticated remote code execution (RCE) on any Java application running a vulnerable version of Apache’s Log4j 2.

A proof-of-concept exploit for the vulnerability was published on December 9, 2021, and attacks began immediately afterwards, making it a zero-day vulnerability.

Log4j releases 2.15.0 and 2.16.0 fix the issue and should be deployed on systems affected by this vulnerability.
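The remediation above hinges on knowing which Log4j 2 version each application actually bundles, which is what archive scanners such as the ones described on this page automate. The following is an added example, not CISA's, FullHunt's or CrowdStrike's code: it opens a jar (or a war/ear with jars nested inside), reads the `Implementation-Version` from `META-INF/MANIFEST.MF` when `org/apache/logging/log4j/core/` classes are present, checks whether the `JndiLookup` class is still in the archive, and classifies the result against the 2.15.0 and 2.16.0 fix versions. The manifest attribute name, the class paths and the `build_sample_jar` helper (which constructs a minimal fake jar in memory for testing) are assumptions made for this example.

```python
"""Inventory check for bundled Log4j 2 versions (added example, not a vendor tool)."""
import io
import re
import zipfile

FIXED_44228 = (2, 15, 0)  # first release that addressed CVE-2021-44228
FIXED_45046 = (2, 16, 0)  # first release that addressed CVE-2021-45046
# Paths assumed for log4j-core class files (assumption for this example).
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J_CORE_PREFIX = "org/apache/logging/log4j/core/"
VERSION_RE = re.compile(r"^Implementation-Version:\s*([0-9][^\r\n]*)", re.MULTILINE)


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); tolerant of suffixes such as '2.15.0-rc1'."""
    parts = re.findall(r"\d+", text)[:3]
    return tuple(int(p) for p in parts) + (0,) * (3 - len(parts))


def classify(version, has_jndi_lookup):
    """Map a version tuple plus JndiLookup presence to a remediation status."""
    if not has_jndi_lookup:
        return "jndi-lookup-removed"  # class deleted: mitigated regardless of version
    if version is None:
        return "unknown-version"  # log4j-core classes present but no manifest version
    if version < FIXED_44228:
        return "vulnerable CVE-2021-44228"
    if version < FIXED_45046:
        return "vulnerable CVE-2021-45046"
    return "fixed"


def assess_jar(data, path="<memory>"):
    """Return findings for one archive and for any .jar/.war/.ear nested inside it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if any(n.startswith(LOG4J_CORE_PREFIX) for n in names):
            version = None
            if "META-INF/MANIFEST.MF" in names:
                manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                match = VERSION_RE.search(manifest)
                if match:
                    version = parse_version(match.group(1))
            findings.append({
                "path": path,
                "version": version,
                "status": classify(version, JNDI_LOOKUP_CLASS in names),
            })
        for n in sorted(names):
            if n.lower().endswith((".jar", ".war", ".ear")):
                findings.extend(assess_jar(zf.read(n), f"{path}!{n}"))
    return findings


def build_sample_jar(version, include_jndi_lookup=True, nested_in=None):
    """Construct a minimal fake log4j-core jar in memory (constructed sample, not a real artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")
        zf.writestr(LOG4J_CORE_PREFIX + "Logger.class", b"\xca\xfe\xba\xbe")
        if include_jndi_lookup:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")
    jar = buf.getvalue()
    if nested_in is None:
        return jar
    outer = io.BytesIO()  # wrap the jar inside a war/ear-style archive
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr(nested_in, jar)
    return outer.getvalue()


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        with open(p, "rb") as fh:
            for finding in assess_jar(fh.read(), p):
                print(finding)
```

Run it as `python log4j_inventory.py app.war other.jar` to print one finding per log4j-core occurrence. Nested archives are reported with a `outer!inner` path so a finding can be traced back to the deployable that bundles it, and the `jndi-lookup-removed` status records the class-deletion workaround separately from a version upgrade, since a version number alone does not tell you whether that mitigation has been applied.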

Read more about it here.

Colorado energy company loses 20 – 25 years of data after cyberattack

Delta-Montrose Electric Association, a local electric cooperative serving western Colorado counties Delta and Montrose, said a cyberattack first detected on November 7, 2021 has disabled its billing systems and wiped out 20 to 25 years’ worth of historic data.

The attack affected the company’s phone, email, billing, and customer account systems, but DMEA said the power grid and fiber network were not touched during the attack.

“DMEA discovered a targeted effort to access portions of our internal network system by an unauthorized third party. As a result, DMEA lost 90% of internal network functions, and a good portion of our data, such as saved documents, spreadsheets, and forms, was corrupted. It also impacted our phones and emails. Our power grid and fiber network remain unaffected by the incident,” said the company statement on its website.

The company expects member billing to be restored during the week of December 6 – 10, 2021.

DMEA has suspended all penalty fees and disconnections for non-payment through January 31, 2022.

Read more about it here.