The Log4Shell vulnerability has affected workforce management and human resources (HR) cloud provider Kronos, the company warned users in a blog post last updated Monday (Dec. 13).
Log4Shell is a security flaw found in things like online games, enterprise software, cloud data centers and more. It has a zero-day vulnerability, which means organizations affected don’t have any time to patch their systems afterward.
Kronos first alerted its users to a problem on Saturday (Dec. 11), saying in a later blog post that the company “took immediate action to investigate and mitigate the issue.”
The attack forced Kronos to take its systems offline “possibly for the next several weeks,” per a report from Ars Technica, although the company hasn’t confirmed whether the vulnerability was what was used to take the systems offline.
On Sunday (Dec. 12), Kronos said the services had been unavailable for the past day and that the attack had taken down the Kronos UKG Workforce Central, UKG TeleStaff and Banking Scheduling Solutions services.
In that Sunday post, Kronos representative Leo…
