Dec 20– New Log4j vulnerabilities leave organizations with greater uncertainty than before. An alternative attack vector appears to rely on a simple Javascript WebSocket connection, which can trigger remote code-execution (RCE) on servers locally. The catalyst is a drive-by compromise.

An exploit could impact services operating as localhost in internal systems not exposed to the network, according to researchers. Log4Shell attacks may not be confined to vulnerable web servers.

Any organization that retains a vulnerable Log4j version could experience an attack via the path of a listening server on a machine, or via local network, as triggered by regular internet browsing.

Attackers may launch malvertising attacks, DDoS attacks and more. Experts contend that traditional web application firewalls and other network-level defenses may not be sufficient in securing against the latest Log4j threats.

“The variants of the vulnerability along with the discovery of alternative vectors is likely only the beginning of how the Log4j story is to be told.  The best actions for cyber security professionals are continued patching as the attacks mature and putting preventative measures in place including modern AI-based methods,” says Mark Ostrowski, Head of Engineering East, with Check Point Software. For more insights into stronger security measures to pursue, see CyberTalk’s primary coverage.

Lastly, to learn more about pressing issues in the cyber world, please join us at the premiere cyber security event of the year – CPX 360 2022. Register here.