On December 9th, 2021, reports surfaced about a new zero-day vulnerability, termed Log4j (Log4Shell), impacting Minecraft servers. [see “Protecting Against the Log4J Vulnerability”] Countless millions of devices instantly became at risk of attack, and Log4j ranked among the worst vulnerabilities yet seen. The fear of the Log4j security flaw has once again returned as threat actors have started to exploit vulnerable VMWare Horizon Servers. Learn more about Log4j and this new threat in this Morphisec blog post.
Log4j is a logging framework for java applications and has been an integral part of many programs since the mid-1990s. Cloud storage companies like Google, Amazon, and Microsoft, which are the digital hotline for millions of other applications, have been hit hard. The same goes for other IT giants like IBM, Oracle, and Salesforce, as well as thousands of Internet-connected devices like televisions and security cameras.
Thanks to this easily accessible framework that companies have been using, hackers have an opportunity to enter the digital space to steal or plant information. Malware has a new opportunity to try to infiltrate almost anywhere it wants to. This does not mean that everyone will suffer some kind of attack, but it is certainly an event