It’s rather like having a thief steal years off your life.<\/p>\n
On December 9th, an acute remote code execution (RCE) vulnerability was reported in the Apache logging package Log4j 2 versions 2.14.1 and below (CVE-2021-44228).<\/p>\n
Apache Log4j is the most popular java logging library with over 400,000 downloads from its GitHub project. It used by a vast number of companies worldwide, enabling logging in a wide set of popular applications.<\/p>\n
Exploiting this vulnerability is simple and allows threat actors to control java-based web servers and launch remote code execution attacks.<\/p>\n
The Log4j library is embedded in almost every Internet service or application we are familiar with, including Twitter, Amazon, Microsoft, Minecraft and more.<\/p>\n
At present most of the attacks focus on the use of a cryptocurrency mining at the expense of the victims<\/strong>, however under the auspices of the noise more advanced attackers may act aggressively against quality targets. [Check Point Blog<\/strong><\/a>]<\/em><\/p><\/blockquote>\n
[Bold mine]<\/strong><\/h6>\n
Stealing CPU cycles to mine for the tokens specific to crypto – it reflects the greed associated with currency, at least to my mind.<\/p>\n","protected":false},"excerpt":{"rendered":"
It’s rather like having a thief steal years off your life. On December 9th, an acute remote code execution (RCE) vulnerability was reported in the Apache logging package Log4j 2 versions 2.14.1 and below (CVE-2021-44228). Apache Log4j is the most popular java logging library with over 400,000 downloads from its \u2026 Continue reading