As hackers exploit an Apache vulnerability, Google is issuing an urgent warning to enable Cloud Console NOW.

GOOGLE is advising users not to use Cloud Console because hackers may be able to take advantage of an Apache vulnerability.

Log4j 2 is an open-source Apache framework for logging requests.

On December 9, a vulnerability was discovered that could lead to the compromise of systems running Apache Log4j version 2.14.1 or earlier.

According to Check Point researchers, attackers are attempting to scan the internet for vulnerable Log4j, with another 100 attempts to exploit the flaw every minute.

Sophos researchers discovered hundreds of thousands of attempts to remotely execute code using the Log4j flaw.

This is a common strategy used by hackers to take advantage of newly disclosed vulnerabilities before they are fixed.

“I can’t emphasize how serious this threat is.

On the surface, this appears to be aimed at cryptominers, but we believe it creates exactly the kind of background noise that serious actors will try to exploit,” said Lotem Finkelstein, Check Point’s director of threat intelligence.

Customers should upgrade to Log4j v2.15.0 as soon as possible, according to Google.

Customers can mitigate the issue by setting the “No Lookups property (log4j2.formatMsgNoLookups)” to true if the upgrade cannot be completed quickly.

In addition to updating, Google Cloud Security products can assist in detecting and temporarily resolving exploitation issues until a patch is released.

Users should also use a vulnerability scanner to find issues reported by the National Vulnerability Database.

Cloud Armor can also help mitigate threats while waiting for a patch to be applied.

Cloud Armor can be turned on via the Cloud Console, then Network Security, or via an API call.

Google stated that they will “actively monitor this event and provide updates to this blog post” in the future.

