Log4j Flaw Widespread, Cyber-Attackers Probing Systems

Microsoft has warned its Windows and Aztec customers that it has observed state-sponsored and cyber-criminal attackers probing systems for the Log4j “Log4Shell” flaw through December 2021. It says that companies may not be aware of how widespread the Log4j issue is in their environment. “Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of  these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,” the Microsoft 365 Defender Threat Intelligence Team and the Microsoft Threat Intelligence Center said in a January 3 update. Microsoft has released several updates, including to its Defender security software, to help customers identify the issue.