Temporary fix: JAVA_OPTS = "- Dlog4j.formatMsgNoLookups = true" Here are examples of what's vulnerable (From Cloudflare and Apple to minecraft servers). Açık Pzt, Ara 13, 2021 13:54, zeynepaydogan <zeynepaydogan@protonmail.com> yazdı:
Kinsing backdoor happily addressed the vulnerability: The malware cleans the device from competitors and starts mining. Other miner loaders also appear. They even throw a grumbling Cobalt Strike at victims via log4j. A good set of tools for pentest, because of the crack it turns into a very real observer of the network and a backdoor for reloading any code.
Açık Pzt, Ara 13, 2021 12:38, zeynepaydogan <zeynepaydogan@protonmail.com> yazdı:
Malware using LOG4J exploit:)
Açık Pzt, Ara 13, 2021 12:11, zeynepaydogan <zeynepaydogan@protonmail.com> yazdı:
Password: infected