While patches have been released in the four months since the emergence of the widespread Log4j vulnerability, many companies have been exposed and could have been compromised, SecurityWeek reports.
"The good news about Log4j being a vulnerability in a logging system means that there’s a good chance that some evidence exists of attempts at or actual exploitation within those logs. Unfortunately, once a system is exploited, the data on that system becomes less trustable – it’s not uncommon for attackers to tamper with logs or try to cover up activities," said Randori co-founder and Chief Technology Officer David Wolpoff.
Randori reported that VMware Horizon, Jamf, MobileIron, Ping Identity's PingFederate, and Jenkins were the most attractive targets for threat actors exploiting the Log4j flaw, while cPanel, Apache Tomcat, VMware Horizon, Eclipse Jetty, and IBM WebSphere DataPower were the most widespread applications with the Log4j bug.
The persistent threat of Log4j should prompt the implementation of outbound traffic blocking and other defense-in-depth strategies.