Defenders will once again be busy beavers this weekend: There is another ubiquitous vector attack Log4j, based on Javascript WebSocket’s basic connection to trigger remote codecation (RCE) on local servers, using drive-by compromise.
In other words, exploitation can affect services that act as local hosts on internal systems that are not exposed to any network.
This is according to Blumira researchers, who noted that the discovery suggests that Log4Shell attacks are limited to vulnerable web servers.
Read More: threatpost
For more such updates follow us on Google News ITsecuritywire News