New Log4j attacks target SolarWinds, ZyXEL devices

Cybercriminals exploiting the Log4Shell vulnerability are targeting SolarWinds and ZyXEL devices that use the Log4j library, say Microsoft and Akamai reports. Microsoft found an attacker using the vulnerability in conjunction with a zero-day exploit in SolarWinds’ Serv-U file-sharing server, reported and fixed as CVE-2021-35247. Meanwhile, Akamai noticed a botnet going after ZyXEL’s devices. Despite Apache Software Foundation releasing patches for the Log4j library, many applications haven’t released their own updates, leaving networks vulnerable.