🦍 Animal Humanity Is Better Than Human Humanity – A Lesson from the Brookfield Zoo Gorilla

-
Image
 Compassion is often considered the essence of humanity. Yet, sometimes, it is not humans who remind us of kindness and empathy—but animals. One unforgettable event proved that animal humanity can be more profound than human humanity . In 1996, at Brookfield Zoo in Chicago , the world witnessed a heart-stopping scene that forever changed how we view gorillas and their emotions. 📌 The Incident at Brookfield Zoo It was an ordinary day at the zoo until tragedy struck. An eight-year-old boy slipped and fell into the gorilla enclosure . His head hit the ground violently, leaving him unconscious. Panic erupted among visitors—everyone expected the worst as a massive gorilla approached the fragile child. But instead of aggression, something extraordinary happened. 🦍 The Gorilla’s Unexpected Compassion The gorilla, an eight-year-old female named Binti Jua , did not harm the boy. Instead, she showed remarkable gentleness and empathy : She walked quietly to the unconscious child....

Log4Shell found in Minecraft

-

Cybereason, Log4Shell found in minecraft, Log4Shell, Log4Shell Vaccine Released, Minecraft virus, Log4j, log4shell patch, apache log4j vulnerability, log4shell github

Researchers from cybersecurity firm Cybereason have produced a vaccine to remotely mitigate a widespread "Log4Shell" Apache log4shell github code execution vulnerability.


Apache Log4j is a Java-based logging system that can be used to analyze web server access logs or application logs. The software is heavily used in enterprise, e-commerce and gaming platforms, such as Minecraft which quickly patched its version.


The researchers explained how to exploit this zero-day remote code execution vulnerability in Apache Log4j that was tracked as CVE-2021-44228 named "Log4Shell".


While Apache released Log4j 2.15.0 quickly to resolve the vulnerability, cybersecurity firms watched attackers scan vulnerable devices and try to hack them.


This vulnerability can be exploited simply by changing the web browser user agent and visiting a vulnerable site or searching for this string on a site, it quickly became a threat to organizations and some of the most popular websites on the web.


Log4Shell Vaccine Released

Cybersecurity company Cybereason has released a script or "vaccine" that exploits the vulnerability to stop a setup on a remote and vulnerable Log4Shell instance. Essentially, the vaccine fixes the vulnerability by exploiting the vulnerable server.


 "Logout4Shell" is the name of the project that walks you through setting up a Java-based LDAP server and includes a Java payload that will disable the "trustURLCodebase" setting on the remote Log4j server to reduce the vulnerability.


"While the best mitigation against this vulnerability is to patch log4j to 2.15.0 and later, in the Log4j version (>= 2.10) this behavior can be mitigated by setting log4j2.formatMsgNoLookups to true or by removing the JndiLookup class from the classpath," .


Additionally, if the server has Java runtimes >= 8u121, the settings for com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLC will default to false, which It mitigates this risk.


There are still clear concerns that threat actors or gray hat hackers will pick them for illegal behavior, as it is common for attackers to compromise a device and fix vulnerabilities to prevent other hackers from taking over a compromised server.


Although doing something like this is considered illegal, there are also concerns that security researchers might use the vulnerability to repair servers remotely.


If exploited, the vulnerability allows remote code execution on vulnerable servers, giving an attacker the ability to import malware that would completely compromise machines.


However, the diversity of applications vulnerable to the exploit, and range of possible delivery mechanisms, mean that firewall protection alone does not eliminate risk. Theoretically, the exploit could even be carried out physically by hiding the attack string in a QR code that was scanned by a package delivery company, making its way into the system without having been sent directly over the internet.

Popular posts from this blog

LIST OF STOP DJVU Extensions

-
Image
Extension appended to the end of the encrypted data filename Older STOP (Djvu) Ransomware encryptions: .STOP, .SUSPENDED, .WAITING, .PAUSA, .CONTACTUS, .DATASTOP, .STOPDATA, .KEYPASS, .WHY, .SAVEfiles, .DATAWAIT, .INFOWAIT, .puma, .pumax, .pumas, .shadow, .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promock, .promoks, .promorad,, promorad2, .kroput, .kroput1, .charck, .pulsar1, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara, .browec, .norvas, .moresa, .verasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .forasom, .berost, .fordan, .codnat, .codnat1, .bufas, .dotmap, .radman, .ferosas, .rectot, .skymap, .mogera, .rezuc, .stone, .redmat, .lanset, .davda, .poret, .pidon, .heroset, .myskle, .boston, .muslat, .gerosan, .vesad, .horon, .neras, .tru...
Read-more »