ESET provides a map with countries at risk…

The zero-day vulnerability, designated Log4Shell, received the maximum severity rating of 10 under the CVSS vulnerability assessment standard, and potentially puts millions of servers at risk of exploitation, including Amazon AWS, iCloud and Steam services.

See the map of countries with the highest risk.

ESET: Log4Shell exploit leads TOP threats in Portugal

ESET, the global leader in cybersecurity, has released a map of countries around the world where attempts have been made to exploit the zero-day vulnerability in Apache Log4j, a Java-based open-source logging framework.

In Portugal, ESET's telemetry reports that the exploit, called Log4Shell and tracked as CVE-2021-44228, currently leads the top threats in the territory, with a prevalence level of 10.77%.

Worldwide, hundreds of thousands of blocked Log4j exploitation attempts were recorded, with particular prevalence in the United States of America, the United Kingdom, Turkey, Germany and the Netherlands.

This prevalence confirms the severity of Log4Shell, which received the top severity rating of 10 under the Common Vulnerability Scoring System (CVSS) vulnerability assessment standard.

Log4Shell is a remote code execution (RCE) vulnerability, that is, a flaw that allows an attacker to remotely execute commands on affected servers. This means that the attacker does not need physical access to the server to execute arbitrary code, which can lead to complete control of affected systems and theft of sensitive data.

The detection of this zero-day vulnerability is causing serious concern, with repercussions that go far beyond the security sector. Among the Internet infrastructure services vulnerable to the zero-day vulnerability in Apache Log4j are cloud services from Amazon, Apple, Steam, Tesla and Twitter.

Proof-of-concept code for the exploit is now available online, and there is now a race between hackers, who are monitoring the Internet for vulnerable systems to exploit, security administrators, who are updating their systems and implementing mitigation measures, and developers, who are auditing applications and code libraries for any dependencies that might include vulnerable versions of the Log4j library.
