The critical remote code execution vulnerability in Apache’s Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.
Cybersecurity company Kaspersky said it logged and blocked 30,562 attempts by hackers to use the Log4Shell exploit that was discovered in December 2021. While that marks a decline from when it was first reported, Kaspersky warns that it’s here to stay as a new tool in cyber criminals’ arsenals.
More about Security
- Online privacy: DuckDuckGo just finished a banner year and looks for an even better 2022
- Check for Log4j vulnerabilities with this simple-to-use script
- 8 advanced threats Kaspersky predicts for 2022
- End user data backup policy (TechRepublic Premium)
Log4Shell is an exploit that targets Apache’s Log4j library, which is used to log requests for Java applications. If successful, an attacker that uses Log4Shell can gain total control over affected servers. Some big names have been found vulnerable, too: Apple, Twitter, Steam, and others were all found to have unpatched versions of Log4j on their servers when news of the exploit went public.
Log4Shell was dangerous enough to earn a 10 (out of 10) on the CVSS severity scale, and with good reason: Read more: https://tek.io/3AT1TFW