Real-World Impacts of Log4j Vulnerability Emerge in Ransomware Delivery, Attempted Use by Iranian Threat Group
NSO Group spyware is on par with nation-state exploits, Lawmakers seek sanctions on NSO and other groups, Kronos ransomware attacks may delay employee paychecks, CISA warns of holiday threats, more
Real-world repercussions of the Log4j vulnerability are beginning to emerge as threat actors exploit it in ransomware and target businesses and government facilities in Israel. Moreover, cybersecurity firms are warning of a new second, and possibly a third, vulnerability in the Log4j logging utility.
Researchers at Bitdefender discovered the first public case of the Log4j Log4Shell vulnerability used to download and install new ransomware named Khonsari. Khonsari uses valid encryption and is secure, meaning that it is not possible to recover files for free, but its ransom note does not appear to include a way to contact the threat actor to pay a ransom.
Microsoft confirmed reports of the Khonsari ransomware family being delivered as payload post-exploitation. The software giant observed a small number of cases of the ransomware being launched from compromised Minecraft clients connected to modified Minecraft servers running a vulnerable version of Log4j 2 via the use of a third-party Mi…