"Log4j Flaw: Attackers Are Making Thousands of Attempts To Exploit This Severe Vulnerability"
Malicious cyber actors are making more than 100 attempts to exploit a critical security vulnerability contained by the Java logging library Apache Log4j every minute, according to security researchers at Check Point. The Log4j vulnerability, also now known as "Log4Shell," is a zero-day vulnerability, which first emerged on December 9. Researchers warned that the exploitation of the flaw can enable unauthenticated remote code execution and access to servers. Various forms of enterprise and open-source software use Log4j, including cloud platforms, web applications and email services. Therefore, there is a wide range of software at risk because of the many attempts made at exploiting the vulnerability. Sophos researchers have detected hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability in the days following its public disclosure, as well as scans looking for the flaw. This article continues to discuss the severity of the Log4j security issue.