Wednesday, November 29, 2023
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Cybersecurity

Text4Shell Vulnerability Exploitation Attempts Started Soon After Disclosure

Researcher by Researcher
October 23, 2022
in Cybersecurity
0
High-Severity Flaw in Argo CD is Information Leak Risk
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


Exploitation attempts targeting the Apache Commons Text vulnerability tracked as CVE-2022-42889 and Text4Shell started shortly after its disclosure, according to WordPress security company Defiant.

The company started monitoring its network of 4 million websites for exploitation attempts on October 17, the day when the cybersecurity community learned about its existence — the issue was disclosed by Apache developers on October 13.

Defiant, which provides the Wordfence security service for WordPress sites, said on Thursday that it had seen exploitation attempts from roughly 40 IP addresses since October 18. While a majority appear to be scans likely conducted by security teams and researchers looking for vulnerable instances, some of them may be the work of malicious actors.

“The vast majority of requests we are seeing are using the DNS prefix and are intended to scan for vulnerable installations – a successful attempt would result in the victim site making a DNS query to the attacker-controlled listener domain,” the company explained.

Apache Commons Text is an open source Java library designed for working with strings. It is used by many developers and organizations. CVE-2022-42889 is a critical issue related to untrusted data processing and it can lead to arbitrary code execution, but exploitation is only possible in certain circumstances.

When its existence became widely known, some rushed to compare it to Log4Shell, which impacts the widely used Log4j Java logging framework and which has been exploited in many attacks. That is why it was given the name Text4Shell.

However, a closer analysis revealed that while Text4Shell could also be useful to some threat actors, it’s unlikely to be exploited as widely as Log4Shell.

Alvaro Munoz, the researcher who reported the vulnerability to Apache developers, noted that Text4Shell and Log4Shell are similar, but the likelihood of exploitation is “completely different”.

The fact that scanning for Text4Shell has started is not surprising, especially since PoC code and technical details are available, and an extension to scan for the vulnerability has been added to the popular Burp Suite web vulnerability scanner.

Firmware security company NetRise has identified multiple occurrences of CVE-2022-42889 in its customer firmware dataset, but pointed out that additional work is needed to determine whether exploitation is actually possible.

“Determining if you even have this component in all of your software is a massive undertaking,” said Thomas Pace, CEO and co-founder of NetRise.

Related: Recently Patched Apache HTTP Server Vulnerability Exploited in Attacks

Related: High-Severity Vulnerability Found in Apache Database System Used by Major Firms

 

Related: Over 100,000 Apache HTTP Servers Affected by Actively Exploited Zero-Day Flaw

view counter

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous Columns by Eduard Kovacs:
Tags:





Source link

Related articles

Sentra Raises $30 Million for DSPM Technology

Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach

August 13, 2023
Minimizing Risk Through Proactive Apple Device Management: Addigy

Minimizing Risk Through Proactive Apple Device Management: Addigy

August 12, 2023
Tags: AttemptsDisclosureExploitationStartedText4Shellvulnerability
Share76Tweet47

Related Posts

Sentra Raises $30 Million for DSPM Technology

Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach

August 13, 2023
0

Northern Ireland’s top police officer apologized Thursday for what he described as an “industrial scale” data breach in which the...

Minimizing Risk Through Proactive Apple Device Management: Addigy

Minimizing Risk Through Proactive Apple Device Management: Addigy

August 12, 2023
0

Enterprise IT teams are struggling to cope with three major forces of change: the evolving regulatory environment, a globally dispersed...

Decipher Podcast: Katelyn Bowden and TC Johnson

Decipher Podcast: Katelyn Bowden and TC Johnson

August 12, 2023
0

Veilid main site: https://veilid.com/ Cult of the Dead Cow site: https://cultdeadcow.com/ Source link

In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack 

In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities

August 12, 2023
0

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under...

Used Correctly, Generative AI is a Boon for Cybersecurity

Used Correctly, Generative AI is a Boon for Cybersecurity

August 12, 2023
0

Adobe stock, by Busra At the Black Hat kickoff keynote on Wednesday, Jeff Moss (AKA Dark Tangent), the founder of...

Load More
  • Trending
  • Comments
  • Latest
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
Supply chain efficiency starts with securing port operations

Supply chain efficiency starts with securing port operations

March 15, 2022
Microsoft to Block Macros by Default in Office Apps

Qakbot Email Thread Hijacking Attacks Drop Multiple Payloads

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
ID Theft Service Resold Access to USInfoSearch Data – Krebs on Security

ID Theft Service Resold Access to USInfoSearch Data – Krebs on Security

November 28, 2023
Staying safe when shopping online this holiday season

Staying safe when shopping online this holiday season

November 28, 2023
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 28/11

November 28, 2023
North Korean Hackers Exploiting Zero-day Vulnerabilities

North Korean Hackers Exploiting Zero-day Vulnerabilities

November 28, 2023

Recent Posts

ID Theft Service Resold Access to USInfoSearch Data – Krebs on Security

ID Theft Service Resold Access to USInfoSearch Data – Krebs on Security

November 28, 2023
Staying safe when shopping online this holiday season

Staying safe when shopping online this holiday season

November 28, 2023
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 28/11

November 28, 2023

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • LetsAskBinuBlogs
  • Malware
  • Networking
  • Protection

Tags

Access attack Attacks banking BiWeekly bug Cisco cloud code critical Cyber Cybersecurity Data Digital exploited financial Fintech Flaw flaws Google Group Hackers Krebs Latest launches malware Microsoft million Network News open patches platform Ransomware RoundUp security Software Stories TFT Threat Top vulnerabilities vulnerability warns Week

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved