Ransomware: Hackers are using Log4j flaw as part of their attacks, warns Microsoft

Microsoft has confirmed that likely China-based cyber criminals are exploiting the Log4j ‘Log4Shell’ flaw in VMware’s Horizon product to install the new ransomware strain, NightSky. The attacks target the original Log4Shell flaw, CVE-2021-44228. VMware has been targeted due to its vulnerable components, some of which have been updated or given mitigation workarounds. The highly complex nature of these vulnerabilities has led Microsoft to label the situation a “high-risk”, affecting multiple applications, services and systems.