A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j 2. Apache Log4j is a Java-based logging library that is widely used in cloud and enterprise software services.
Exploit code has been shared publicly and multiple actors are attempting to exploit the vulnerability. It can allow unauthenticated remote code execution (RCE) on nearly any system running an affected Log4j version. Organizations are advised to upgrade immediately to Log4j version 2.15.0 or to apply the appropriate vendor-recommended mitigations.
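Before upgrading, most teams first need to find out where affected copies of log4j-core are deployed. The scanner below is an added example written for this post, not CTA's or any member's tooling: it walks a directory (or a single archive), reads the Maven pom.properties that the published log4j-core artifact carries, compares the version against the range the CVE covers (2.0-beta9 up to, but not including, the 2.15.0 release the advisory recommends), and checks whether the JndiLookup class is still present, so a copy where that class was removed as a mitigation is reported separately. Nested WAR/EAR/fat-JAR archives are descended into. The sample WAR at the bottom is constructed in memory with placeholder bytes rather than real Log4j class files.

```python
"""Offline scanner for Log4j 2 artifacts affected by CVE-2021-44228 (added example)."""
import io
import os
import re
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Paths inside the official log4j-core JAR.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
MAX_NESTING = 6  # refuse to descend forever into nested archives

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d*))?$", re.I)
_STAGE_ORDER = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort below the release


def version_key(version: str) -> Tuple[int, int, int, int, int]:
    """Turn '2.0-beta9' / '2.14.1' into a sortable tuple; raises ValueError on junk."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version string: {version!r}")
    major, minor, patch, stage, stage_num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            _STAGE_ORDER[stage.lower() if stage else None], int(stage_num or 0))


FIRST_AFFECTED = version_key("2.0-beta9")  # first release that shipped JNDI lookups
FIRST_FIXED = version_key("2.15.0")        # upgrade target named in the advisory


def version_in_affected_range(version: str) -> bool:
    return FIRST_AFFECTED <= version_key(version) < FIRST_FIXED


@dataclass
class Finding:
    location: str           # outer!inner path, like a Java classpath URL
    version: Optional[str]  # None when pom.properties was missing (repackaged copy)
    jndi_lookup_present: bool

    @property
    def status(self) -> str:
        if self.version is None:
            return "review" if self.jndi_lookup_present else "unknown"
        if not version_in_affected_range(self.version):
            return "fixed"
        return "vulnerable" if self.jndi_lookup_present else "mitigated"


def _read_pom_version(zf: zipfile.ZipFile, names: set) -> Optional[str]:
    if POM_PROPERTIES not in names:
        return None
    for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def scan_archive_bytes(data: bytes, location: str, depth: int = 0) -> List[Finding]:
    """Scan one archive held in memory, recursing into archives it contains."""
    findings: List[Finding] = []
    if depth > MAX_NESTING:
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip-based archive; nothing to inspect
    with zf:
        names = set(zf.namelist())
        version = _read_pom_version(zf, names)
        has_jndi = JNDI_LOOKUP_CLASS in names
        if version is not None or has_jndi:
            findings.append(Finding(location, version, has_jndi))
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(scan_archive_bytes(zf.read(name), f"{location}!{name}", depth + 1))
    return findings


def scan_path(root: str) -> List[Finding]:
    """Scan a file or every archive below a directory on disk."""
    paths = [root] if os.path.isfile(root) else [
        os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
    findings: List[Finding] = []
    for p in paths:
        if p.lower().endswith(ARCHIVE_SUFFIXES):
            with open(p, "rb") as fh:
                findings.extend(scan_archive_bytes(fh.read(), p))
    return findings


def _make_jar(version: Optional[str], include_jndi: bool) -> bytes:
    """Constructed sample: a log4j-core-shaped JAR with placeholder contents, not real Log4j."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version is not None:
            zf.writestr(POM_PROPERTIES, f"version={version}\nartifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # placeholder, not a class file
    return buf.getvalue()


def demo() -> dict:
    """Scan a constructed WAR bundling three log4j-core variants; returns location -> status."""
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", _make_jar("2.14.1", True))
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1-patched.jar", _make_jar("2.14.1", False))
        zf.writestr("WEB-INF/lib/log4j-core-2.15.0.jar", _make_jar("2.15.0", True))
    return {f.location: f.status for f in scan_archive_bytes(war.getvalue(), "app.war")}


if __name__ == "__main__":
    for loc, status in demo().items():
        print(f"{status:10s} {loc}")
```

Run `scan_path("/opt/tomcat")` (or any deployment root) to get findings for real hosts; "review" means a JndiLookup class was found in an archive with no pom.properties, typically a shaded or repackaged copy whose version must be established by hand, and "unknown" is only returned for archives that matched neither marker. Version strings outside the `major.minor[.patch][-alpha|beta|rcN]` shape raise rather than silently passing.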
CTA members are working to support customers in responding to this threat, including sharing pre-release blog posts through CTA’s Early Sharing program to ensure that industry response efforts are aligned with the most up-to-date understanding of this threat.
CTA will collate relevant threat reports, blog posts, and advice around protections and mitigations from our members in order to support other organizations in responding to incidents related to this vulnerability. As new materials and insights are made available, we will update this blog post.
AT&T Alien Labs
Avast
Broadcom Symantec
Check Point
- Log4j Vulnerability and Cloud Guard AppSec Machine Learning based Approach for Preemptive Prevention
- Protect Yourself Against The Apache Log4j Vulnerability
- A deep dive into a real-life Log4j exploitation
- The Numbers Behind Log4j CVE-2021-44228
- Log4j vulnerability Protection for Endpoints
Cisco Talos
- Any impact of log4j vulnerability on Cisco Small Business routers?
- Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild
- Comprehensive Threat Intelligence: 2021: Looking back on the year in malware and cyber attacks, from SolarWinds to Log4j
Dragos
Ericom
- Ericom Software products and the Log4Shell Exploits
- Ericom Customers – Staying Ahead of CVE-2021-44228
Fortinet
- CVE-2021-44228 – Apache Log4j Vulnerability
- Critical Apache Log4j (Log4Shell) Vulnerability Updates: What You Need to Know
- Log4j2 Vulnerability | FortiGuard
Juniper
- Apache Log4j Vulnerability CVE-2021-44228 Raises widespread Concerns
- Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI
- Log4j Attack Payloads In The Wild
K7 Computing
McAfee
- Log4Shell Vulnerability is the Coal in our Stocking for 2021
- Concerned by the Security Risk Affecting Popular Services and Apps? Here’s What We Know.
- Log4J and The Memory That Knew Too Much
- Threat Intelligence and Protections Update Log4Shell CVE-2021-44228
Morphisec
Palo Alto Networks
- Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228)
- Log4j Resource Center
Radware
Rapid7
- Widespread Exploitation of Critical Remote Code Execution in Apache Log4j
- Update on Log4Shell’s Impact on Rapid7 Solutions and Systems
- Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations
- The Everyperson’s Guide to Log4Shell (CVE-2021-44228)
- How to Protect Your Applications Against Log4Shell With tCell
- Test for Log4Shell With InsightAppSec Using New Functionality
- Log4Shell Strategic Response: 5 Practices for Vulnerability Management
- Log4Shell | Log4J | cve-2021-44228 resource hub for Rapid7
ReversingLabs
- Log4j Is Why You Need An SBoM
- Episode 232: Log4j Won’t Go Away (And What To Do About It.)
- A Look Back At 2021: The Year Supply Chain Threats Went Mainstream
- Here’s What Happened with Log4Shell While You Were Out
SecurityScorecard
- Log4Shell Is the Most Dangerous Exploit Since Shellshock
- SecurityScorecard Finds Log4j Active Exploitation from Nation State Actors
SK shieldus
SonicWall
- Security Notice: Apache Log4j Remote Code Execution (RCE) Log4shell Vulnerability (CVE-2021-44228)
- Security Advisory
Sophos
- Log4Shell Hell: anatomy of an exploit outbreak
- “Log4Shell” Java vulnerability – how to safeguard your servers
- Log4Shell explained – how it works, why you need to know, and how to fix it – Naked Security
- Inside the code: How the Log4Shell exploit works
- Log4Shell Response and Mitigation Recommendations
- Log4Shell: The Movie… a short, safe visual tour for work and home – Naked Security
Symantec
TEHTRIS
VMware