zdnet[.]com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/
zdnet[.]com/article/log4j-flaw-attackers-are-making-thousands-of-attempts-to-exploit-this-severe-vulnerability/
github[.]com/NCSC-NL/log4shell/tree/main/software
Log4j is a Java code library used in a huge number of apps run on servers -- it's Not something likely to be found on your PC/laptop. And it's got a huge vulnerability -- it's rated 10 out of 10 for severity. More than 100 attempts to exploit the flaw per minute have been recorded. While you're not likely to be directly affected, every server you connect to *may* well have been compromised. So please be careful... IMHO it's not the time to do Any holiday shopping at smaller online retailers, since they may not have the resources to stay on top of this sort of thing, nor the resources to make it right for customers' losses.
Log4j is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services, meaning that there's a wide range of software that could be at risk from attempts to exploit the vulnerability.
Meanwhile, cybersecurity researchers at Sophos have warned that they've detected hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability in the days since it was publicly disclosed, along with scans searching for the vulnerability.
Researchers at Microsoft have also warned about attacks attempting to take advantage of Log4j vulnerabilities, including a range of cryptomining malware, as well as active attempts to install Cobalt Strike on vulnerable systems, something that could allow attackers to steal usernames and passwords.
"I cannot overstate the seriousness of this threat. On the face of it, this is aimed at cryptominers but we believe this creates just the sort of background noise that serious threat actors will try to exploit in order to attack a whole range of high-value targets such as banks, state security and critical infrastructure," said Lotem Finkelstein, director of threat intelligence and research for Check Point.