Connect with us


Urgent Google Cloud warning about Apache vulnerability




GOOGLE is warning users to enable Cloud Console as hackers can exploit Apache vulnerability.

Apache Log4j 2 utility is an open-source Apache framework that is used for logging requests. 

Google is warning users to upgrade their Google Cloud after an Apache vulnerability


Google is warning users to upgrade their Google Cloud after an Apache vulnerabilityCredit: Getty

A vulnerability was reported on December 9 that could allow systems running Apache Log4j version 2.14.1 or below to be compromised.

Attackers are attempting to scan the internet for vulnerable Log4j with other 100 attempts to exploit the vulnerability every minute, according to researchers at Check Point.

Cybersecurity researchers at Sophos said they detected hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability.

This is a common tactic by hackers to exploit newly disclosed vulnerabilities to have the best chance of taking advantage of them before they’re fixed.

Google stated that they will continue to “actively monitor this event and will provide updates to this blog post.”

“Like many other companies, we’re following this vulnerability closely. Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers,” said a Google spokesperson.

“Google Cloud is tracking real-time updates here and will be updating this security advisory as we assess impact

“We have successfully validated and pushed a new preconfigured WAF rule in Cloud Armor to production that will help customers detect and block attempted exploits of CVE-2021-44228 on their network.”

“I cannot overstate the seriousness of this threat. On the face of it, this is aimed at cryptominers but we believe this creates just the sort of background noise that serious actors will try to exploit,” said Lotem Finkelstein, director of threat intelligence at Check Point.

Google recommends that customers upgrade to version v2.15.0 of Log4j as soon as possible. If the upgrade can’t happen quickly, customers can mitigate the issue by setting the “No Lookups property (log4j2.formatMsgNoLookups)” to true.

In addition to updating, Google Cloud Security products can help detect and solve the exploitation problems temporarily until a patch is made.

It’s also recommended that users have a vulnerability scanner to identify issues reported by the National Vulnerability Database.

For more defense until a patch is applied, Cloud Armor can also help mitigate threats. Cloud Armor can be enabled through Cloud Console then Network Security, or via API.

Google said they are monitoring the situation and it's unknown when a patch to remedy the issue will be released


Google said they are monitoring the situation and it’s unknown when a patch to remedy the issue will be releasedCredit: SOPA Images/LightRocket via Gett

We pay for your stories!

Do you have a story for The US Sun team?