For more information, visit the SentinelOne Log4j Vulnerability Resource Center.SentinelLabs has released tools and scripts, including static and dynamic scanners, to assist in finding and patching vulnerable Log4j2 instances.Due to the ease and rate of exploitation attempts, SentinelOne recommends upgrading impacted services to the latest version of Log4j2.SentinelOne expects further opportunistic abuse by a wide variety of attackers, including further ransomware and nation-state actors. Exploit attempts have led to commodity cryptominer, ransomware and other payloads.
Major services and applications globally are impacted by these vulnerabilities due to the prevalence of Log4j2’s use in many web apps.Further vulnerabilities in the Log4j library, including CVE-2021-44832 and CVE-2021-45046, have since come to light, as detailed here.A new critical remote code execution vulnerability in Apache Log4j2, a Java-based logging tool, is being tracked as CVE-2021-44228.
0 kommentar(er)
