As Log4Shell wreaks havoc, payroll service reports ransomware attack
13/12/2021

As the world is beset by Log4Shell, arguably the most severe vulnerability ever, one of the biggest human resources solutions providers is reporting a ransomware attack that has taken its systems offline, possibly for the next several weeks. So far, the company isn’t saying if that critical vulnerability was the means hackers used to breach the systems.

The company said on Sunday that services using the Kronos Private Cloud had been unavailable for the past day, with the attack taking down Kronos’ UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services.

“At this time, we still do not have an estimated restoration time, and it is likely that the issue may require at least several days to resolve,” Kronos representative Leo Daley wrote. “We continue to recommend that our impacted customers evaluate alternative plans to process time and attendance data for payroll processing, to manage schedules, and to manage other related operations important to their organization.”

Ten hours after that advisory, Daley published an update reporting that the cause of the outage was ransomware and that it “may take up to several weeks to restore system availability.”

“We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation,” the Kronos representative wrote. “We recognize the seriousness of this issue and will provide another update within the next 24 hours.”

Neither advisory made any mention of the method the ransomware attackers used to breach the Kronos infrastructure. A banner notice at the top of each post, however, stated:

We are aware of the log4j vulnerability reported as CVE-2021-44228. We have preventative controls in our environments to detect and prevent exploitation attempts. We have invoked emergency patching processes to identify and upgrade impacted versions of log4j. We are aware of the widespread usage of log4j in the software industry and are actively monitoring our software supply chain for any advisories of 3rd party software that may be impacted by this vulnerability.

Kronos representatives responding to an email declined to say if a Log4Shell exploit against its systems was the cause of the initial compromise. It wouldn’t be a stretch, though, for that to be the case. Kronos cloud services rely heavily on Java, the software framework that Log4J is based on. The Log4Shell vulnerability, which gives hackers the ability to execute malicious code with elevated system privileges, is trivial to exploit. Often, attacks can come from users visiting a page with a browser that includes plaintext commands in the user agent.

Kronos said it had retained cybersecurity experts and has notified authorities. It said customers’ on-premises services aren’t affected.

This post will be updated with any new information that comes to light.
