Peter Membrey, chief architect of ExpressVPN, remembers vividly seeing the news of the Log4j vulnerability break online. So far, researchers have observed attackers using the Log4j vulnerability to install ransomware on honeypot servers — machines that are made deliberately vulnerable for the purpose of tracking new threats. One cybersecurity firm reported that nearly half of corporate networks it was monitoring had seen attempts to exploit the vulnerability. It’s a reflection of the fact that the Java programming language is used widely in enterprise software, and for Java software, the Log4j library is exceedingly common. Any one company could be using numerous programs containing the vulnerable library — in some cases, with multiple versions inside one application.

Source: The Nation December 17, 2021 00:08 UTC