Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines, (Mon, Nov 21st)

This post was originally published on this site

Almost one year later, Log4Shell attacks are still alive and making victims. Log4shell, as you may remember, was the name given to a remote code execution (RCE) vulnerability in the Apache Log4j Java library, first known on December 10th, 2021.  Information on the zero-day (CVE-2021-44228) and malicious campaigns using it were covered here in SANS ISC in different diaries like here and here.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.