Already Compromised by Apache Log4j? Check Before You Patch
Healthcare Info Security
Multiple security researchers have now spotted several instances of threat actors exploiting the Apache Log4j vulnerability by deploying malwares including Muhstik and Mirai botnets or by scanning for vulnerable servers. Responders are advised to check for compromise before they implement fixes.
The vulnerability, tracked as CVE-2021-44228 and detected in the Java logging library Apache Log4j, can result in full server takeover and leaves countless applications vulnerable. The component is used to log events and is part of tens of thousands of deployed applications and cloud-based services. It has a 10 severity rating on a scale of 1 to 10, as attackers can remotely exploit it without any input from the victim, and it requires limited technical ability to deploy.
The Apache Software Foundation issued an emergency patch...