We have released a special patch today on Badlion Client across all Minecraft versions to fix an exploit recently discovered due to a 3rd party library.
— Badlion Client (@BadlionClient) December 10, 2021
We will always make sure our users are safe!
For more details about this exploit see here: https://t.co/iLokj3pBgr
URGENT: if you're using log4j in your applications for logging, you need to update it. There's a remote code execution bug in it.
— Rey Bango (@reybango) December 10, 2021
GitHub labeled the vulnerability as “critical severity” https://t.co/uZTyW47Aju via @vice
CERT NZ has released an advisory on a Java vulnerability. Reports from online users show that this is being actively exploited and that proof-of-concept code has been published. https://t.co/7OelaN4aas
— CERT NZ (@CERTNZ) December 10, 2021
This log4j RCE is a great example of how software complexity can cause very bad unintended consequences. Literally every Java project in the world uses log4j. https://t.co/OahRazbuQO
— Mike Perham (@getajobmike) December 10, 2021
A few hours ago, a 0-day RCE exploit was discovered in the logging library log4j. You may not have heard of it, but it's everywhere.
— Malwarebytes (@Malwarebytes) December 10, 2021
Per @LunaSecIO: "Many, many services are vulnerable".
They include Steam, Apple iCloud, Minecraft, and others. https://t.co/QavDOnDUCp
Let me save you a bunch of clicks:
— Catalin Cimpanu (@campuscodi) December 10, 2021
PoC: https://t.co/yShp4iRTxJ
Patch: https://t.co/rVSq2EZfoT
Technical breakdown: https://t.co/QWRkh6rk4y
Systems confirmed vulnerable: https://t.co/Fe2K7vwcV2 pic.twitter.com/9YlNzB1uEF
New: Several major websites and apps on the internet are vulnerable to a bug that is reportedly very easy to exploit.
— Lorenzo Franceschi-Bicchierai (@lorenzofb) December 10, 2021
Researchers say Minecraft, iCloud, CloudFlare, Twitter, and many more are impacted. https://t.co/ogaW5nTpZ3
A Simple Exploit is Exposing the Biggest Apps on the Internet https://t.co/K8016s6r88
— Dr. Robin Kiera (@stratorob) December 10, 2021
via @VICE @pierrepinna @dalithsteiger @appthisway @enrirosasdiaz @LostInDigit @Corix_JC @Xbond49 @Victoryabro #CyberSecurity #Apps #IoT #Cloud #BigData #EdgeComputing pic.twitter.com/j1pfNHGr2N
Minecraft, iCloud, Twitter, Cloudflare, and Steam are reportedly vulnerable to a powerful bug that could allow hackers to take control of their servers and clients, according to several security researchers. https://t.co/PYfpao1sCl
— Motherboard (@motherboard) December 10, 2021
On Thursday, it was discovered that several popular websites, apps, and services are vulnerable to a powerful bug that could allow hackers to take control of their servers and clients. https://t.co/QuXDVeZG6N
— VICE (@VICE) December 10, 2021
The Log4j zero-day (tracked as CVE-2021-44228, or #Log4Shell) has received an official security fix just as scans for vulnerable systems are ramping up https://t.co/fa3grtVU5b pic.twitter.com/QHw7EzWSOC
— Catalin Cimpanu (@campuscodi) December 10, 2021
Log4j zero-day gets security fix just as scans for vulnerable systems ramp up https://t.co/OFAjCxjS3i
— piyokango (@piyokango) December 10, 2021
This is a huge risk to your perimeter and product security #log4shell:
— ?mmanuel Chavoya (@FullM3talPacket) December 10, 2021
➡️CVE-2021-44228
➡️CVSS 10 - CRITICAL
Check your SCA, you very likely have this #0day somewhere in your product code, and/or in your perimeter https://t.co/JQXnY1sVjp https://t.co/k2MAydeiMV
Log4j zero-day gets security fix just as scans for vulnerable systems ramp up https://t.co/IBZpSuwi9P
— Charity Wright 雷倩 (she/her) (@CharityW4CTI) December 10, 2021
Minecraft has released an emergency update in response to the Apache Log4j vulnerability. Other game developers may also need to check whether they are affected by this vulnerability.
— キタきつね (@foxbook) December 10, 2021
"Minecraft rushes out a patch for the critical Log4j vulnerability" https://t.co/5Z1aq9ls4Y
Minecraft rushes out patch for critical Log4j vulnerability https://t.co/u2Ks18Jq5Y
— The Cyber Security Hub™ (@TheCyberSecHub) December 10, 2021
I've created a Gist with exploitation detection ideas and rules
— Florian Roth ⚡️ (@cyb3rops) December 10, 2021
I'll update this gist frequently #log4j #log4jrce CVE-2021-44228 https://t.co/vlAR6aFbUl pic.twitter.com/E0K7b9vNck
Resources for Log4j vuln. Reply here with more.
— Frank McGovern (@FrankMcG) December 10, 2021
- Overview by @LunaSecIO: https://t.co/4oMCSkvUKd
- Vulnerable Hashes by @mubix: https://t.co/u0yGrCIts2
- IP’s Exploiting by @GreyNoiseIO: https://t.co/9z8N9wK4j4
- Detection Rules by @cyb3rops: https://t.co/io52zB6JHB
Some #logjam #Log4Shell resources:
— Ben Smash (@B3n_5mash) December 10, 2021
ips actively exploiting: https://t.co/FAlOUyr39J
Proof of Concept: https://t.co/J6Pb1H4qyF
git advisory: https://t.co/dcR8ciNzia
yara rules for detection: https://t.co/HafeowIiQs
greynoise activity viz: https://t.co/RmfDb7BIBA #0day #zeroday
Also useful @cyb3rops and Co. https://t.co/MjAVRonngW
— Mark (@sneakymonk3y) December 10, 2021
I've created this gist as a scratchpad on which I can improve the commands over the course of the day https://t.co/vlAR6aFbUl
— Florian Roth ⚡️ (@cyb3rops) December 10, 2021
Upgrade ASAP to protect yourself from the #RCE vulnerability, CVE-2021-44228, affecting Apache Log4j. Read more at https://t.co/Cx6dPwwdmG #ZeroDay #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) December 10, 2021
Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation https://t.co/272WvtH1dX
— Recon InfoSec (@Recon_InfoSec) December 10, 2021
CISA Advisory on CVE-2021-44228 https://t.co/0Al2d8mYHP
— Andrew Morris (@Andrew___Morris) December 10, 2021
The #Log4J vulnerability is the worst Internet-wide vulnerability since #Shellshock. @Cloudflare has updated our WAF and Zero Trust solutions to protect our customers. https://t.co/hpnrPBvOko
— Matthew Prince (@eastdakota) December 10, 2021
Customers using the Cloudflare WAF can leverage three just deployed rules to help mitigate any exploit attempts: https://t.co/UYvkqMCD3x #log4j #Cloudflare
— Adam Janiš (@adam_janis) December 10, 2021
More details here https://t.co/VeeQf0qxhN
— Dane Knecht (@dok2001) December 10, 2021
We've pushed out WAF Managed Rules to block the malicious requests: https://t.co/KPhW7gRoot. We're continuing to monitor and update them as needed.
— Patrick Donahue (@prdonahue) December 10, 2021
I see all the major WAF platforms rushing out fixes - @Cloudflare just publicly posted on their rules update https://t.co/czMYH6fTmb and I suspect others are in progress too.
— Sean Kerner (@TechJournalist) December 10, 2021
Yeah this is an issue. But my .02 is network based security can mitigate the risk.