Vulnerability in Apache Log4j => Security update has been released to patch the vulnerability known as
Log4Shell!
The TG Soft AntiMalware Research Center is closely following this vulnerability in the Apache Log4j library, examining all potential effects on PC/Server cybersecurity.
We report that since Friday, December 17, ApacheSoftwareFoundation has released the update that we recommend to install as soon as possible, for all those who use software written in Java and that includes the open source library Log4J. For further details we report the primary source:
https://logging.apache.org/log4j/2.x/
For all our customers, we point out that Vir.IT eXplorer PRO does not use Java nor the Log4j library.
Research by TG Soft's C.R.A.M. has revealed that some CyberBlackmailer groups have begun very quickly to exploit the
Log4Shell vulnerability to breach PCs/Servers and local networks with the purpose of conveying Malware. They especially aim to carry out
Ransomware attacks including the CyberCriminal group using the Khonsari Ransomware and the
Conti group, but not only! For more on
Khonsari Ransomware check out the information posted at this link:
2021-12-16 #Ransomware #KHONSARI
For those who already use our AntiVirus, AntiSpyware and AntiMalware suite, AntiRansomware protection CryptoMalware Vir.IT eXplorer PRO CORRECTLY installed, configured, updated and used, these kinds of attacks are mitigated by blocking the encryption process in the initial phase of the attack and isolating the PC machine and/or Windows Server, from the rest of the network infrastructure. In this way we can keep the encryption attack confined, avoiding diffusion to the rest of the IT infrastructure of the institution/enterprise...
For any insights into Vir.IT eXplorer PRO's proprietary Heuristic-Behavioral AntiRansomware Protection CryptoMalware technologies, which enable our suite to mitigate even next-generation and/or variant Ransomware attacks... And much more! We invite you to consult our informative:
Vir.IT eXplorer PRO => heuristic behavioural Antiransomware technologies Crypto-Malware protection
However, we remind you that it remains ABSOLUTELY necessary to make, as soon as possible, the SECURITY UPDATE to patch the Log4Shell vulnerability released by the ApacheSoftwareFoundation.
For further details, please refer to the official documentation available at the link =>
https://logging.apache.org/log4j/2.x/
TG Soft
External Relations