Ransomware: Hackers are using Log4j flaw as part of their attacks, warns Microsoft

Microsoft has confirmed that suspected China-based cyber criminals are exploiting the Log4j ‘Log4Shell’ flaw in VMware’s Horizon product to deploy a new ransomware strain called NightSky. The attacks specifically target vulnerability CVE-2021-44228 in internet-facing systems where vulnerable versions of the Log4j application are present. Microsoft warns the Log4j vulnerabilities represent a complex and high-risk situation as companies may not easily know what products and services are affected.