Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway

Mike_BD
Mike_BD admin
edited February 2023 in News and Blogs

Log4Shell is a 0-day vulnerability in the Log4j Java library that allows attackers to download and run scripts on targeted servers, leaving them open to complete remote control. After a user posted a proof-of-concept (PoC) on Twitter, Bitdefender’s honeypots started to register attacks using the PoC, underlining just how severe this vulnerability is.

Log4j is not just another Java library. It’s embedded in servers and services from all over the world, used by companies such as Apple, Amazon, Cloudflare, Steam, various Apache server types, ElasticSearch, and many others.

Read the full article below:

https://www.bitdefender.com/blog/labs/bitdefender-honeypots-signal-active-log4shell-0-day-attacks-underway-patch-immediately/


Intel Core i7-7700 @ 3.60Ghz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB

Tagged:

Comments

  • Ehay2k
    Ehay2k
    Do any Bitdefender products use Log4j?
  • Mike_BD
    Mike_BD admin

    Hello @Ehay2k ,

    Thanks for the question on the Expert Community.

    No additional risks posed by this vulnerability to customers using our products and services have been identified at this time. We continue to actively monitor and will deploy any needed mitigation countermeasures should they be required.

    Stay safe,

    Mike

    Intel Core i7-7700 @ 3.60Ghz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB

  • Chrisp1
    Chrisp1
    Hello Mike & Happy New Year to you and yours;

    I couldn't help but notice that you did not answer Ehay2k's question, which is "Do any Bitdefender products use Log4j?" A valid question and concern as Bitdefender utilizes many cloud based services.

    Seems like a yes/no question to me. Answering "No additional risks posed by this vulnerability to customers using our products and services have been identified..." implies the correct answer would be, "Yes". Your answer also implies Bitdefender will respond appropriately after the fact, something that seems to contradict your overall message about employing the Log4j 2.15.0 patch immediately.

    Regards,
    Chris
  • Mike_BD
    Mike_BD admin
    edited January 2022

    Hello @Chrisp1 and welcome to our Community!

    Sorry for the late response, many of us have been on holidays and I hope you had some awesome ones!

    Bitdefender products are not vulnerable to Log4j.

    Cheers,

    Mike 

    Intel Core i7-7700 @ 3.60Ghz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB

All Time Leaders

Categories

Defenders of the month