Critical Vulnerability In Java log4j Affecting UniFi, Apple, Minecraft, and Many Others!

Huntress Blog Post

Kevin Beaumont @GossiTheDog
John Hammond Tweet
John Hammond YouTube Channel

iPhone Tweet PoC by Cas van Cooten @chvancooten

UniFi update


#CVE-2021-44228
#log4j
#Log4Shell
Comments

I've never seen your videos before, but this was a high quality video.

- It's easy to understand
- There's no annoying ads or filler
- It makes sense to technical and non technical people
- It is short.

Thank you very much.

sam-williams
Anyone doing any serious Java development uses log4j. The attack surface on this one is very very broad. I'm so glad I retired! :)

cidercreekranch
@Lawrence Systems Log4j is not for filtering logs. It is how logs are generated in Java applications in general. (It is "THE" logging facility for Java applications if you don't want to write your own logging out to standard output or a special tool for your application by hand. It is basically like a specific type of cabling harness which allows your speedometer to work. It is not a digital vs analog speedometer. It is HOW the speedometer works, in this metaphor.)

MartesWigglesworth
The kind of problems this is causing just because someone did not sanitize the input of something really shows us something: sanitize your input.

officiallyRitterLost
Thanks for the video. Unfortunately the situation is very bad; it is not just websites that need upgrades and edits, but as you said appliances as well. IoT devices need to upgrade, which is a massive and time-consuming task.

techvortexx
What's very annoying about fixing this is, for example, not using the library directly but having a dependency on something that is using log4j. Lots more work in testing those types of framework upgrades instead of just a logging framework.

niekversteege
The deb package download link on their site (that I am using for my docker unifi controller) still has not been updated because the fix is in RC not stable yet

mathesonstep
Found 7 applications using it, but so far, none fall under the affected versions, so I guess I can have a weekend now

tschaderdstrom
Why is it even remotely possible to send a web request from within a log() call just blows my mind. In what universe is that a good idea. Java is a state of mind truly...

julkiewitz
If you have your own server on the Unifi network then you have the ability to take over the device. For instance if you are a customer on a WISP network using Unifi then potentially you're already inside your own Unifi station and can launch this attack on the other stations and begin to own them.

wayland
Mental Outlaw did a great video on this too. This whole thing is just laughable.

bren.r
I enjoy your videos....keep them coming!

sagarsriva
I'm so glad you put UniFi in the title. I was originally looking this up to fix my Minecraft stuff, but I also have a lot of UniFi gear including a UDMP.

MrGatlin
Interesting video, good explanation. I know nothing about Java or cyber security but was thrilled anyways.

BufataTR
Many thanks for your excellent insights on this threat. I have a UniFi gateway inside our network after the access router. How bad is this threat for us?

DePromoKanaal
How do you schedule updates on your controller? As an update causes a provisioning which drops clients from wifi.
Also when should you start to performance tune the controller? How many devices does the regular config handle?

knightjocke
It’s great that this has been found and been patched, but let’s be honest, there are gaps across the world that are either known and kept quiet amongst the hackers, or they are continually throwing hacks against servers, hoping for an opening based on known, or new entry points. Hopefully companies have good administrators keeping patches applied and are watching for hacking activities in logs.

parisachilles
Does anyone know the application being used starting at 1:50 that shows the simple flow diagram?

DriscollJeff
Honestly came to YouTube to see your review on this

anthonydefallo