![]() ![]() The remote code execution (RCE) vulnerabilities in Apache Log4j 2 – CVE-2021-44228, CVE-2021-45046, CVE-2021-44832 – are collectively referred to as Log4Shell. 15, more than 1.8 million attacks, against half of all corporate networks, using at least 70 distinct malware families, had already been launched to exploit the bugs. This comes on the heels of news that relentless Log4Shell attacks have come from nation-state actors that are both testing and have already implemented the exploit: As of Dec. “We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,” according to Microsoft. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. No surprise here: The holidays bought no Log4Shell relief.
0 Comments
Leave a Reply. |