Log4Shell Tools and Resources for Defenders - Continuously Updated

The widely used Apache Log4j Java-based logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including to deliver various types of malware.

The vulnerability is tracked as CVE-2021-44228 and it has been dubbed Log4Shell and LogJam. The security hole exposes many organizations to attacks, and exploitation is not difficult.

SecurityWeek has compiled a list of tools and other resources that can be useful for defenders concerned about the impact of the Log4Shell vulnerability on their organization.

News articles

Fewer-Than-Expected Log4j Attacks, but Mirai Joins the Fray (01.25.2022)

SolarWinds Patches Serv-U Vulnerability Propagating Log4j Attacks (01.20.2022)

Ukraine Attacks Involved Exploitation of Log4j, October CMS Vulnerabilities (01.19.2022)

CISA Unaware of Any Significant Log4j Breaches in U.S. (01.11.2022)

Attackers Hitting VMWare Horizon Servers With Log4j Exploits (01.07.2022)

FTC: Patch Log4j Vulnerability to Avoid Potential Legal Action (01.05.2022)

ICS Vendors Respond to Log4j Vulnerabilities (01.05.2022)

Chinese Spies Exploit Log4Shell to Hack Major Academic Institution (12.29.2021)

Another Remote Code Execution Vulnerability Patched in Log4j (12.29.2021)

NVIDIA, HPE Products Affected by Log4j Vulnerabilities (12.23.2021)

Five Eyes Nations Issue Joint Guidance on Log4j Vulnerabilities (12.23.2021)

CISA Says No Federal Agencies Compromised in Log4Shell Attacks to Date (12.22.2021)

Chinese Government Punishes Alibaba for Not Telling It First About Log4Shell Flaw (12.22.2021)

Belgian Military in Five-Day Battle Against Cyberattack (12.22.2021)

Google Finds 35,863 Java Packages Using Defective Log4j (12.20.2021)

Log4j Update Patches New Vulnerability That Allows DoS Attacks (12.20.2021)

CISA Orders Federal Agencies to Mitigate Log4j Vulnerabilities (12.20.2021)

MobileIron Users Targeted in Log4Shell Attacks as Exploit Activity Surges (12.17.2021)

Threat Groups Reportedly Working on Log4Shell Worm (12.16.2021)

Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw (12.15.2021)

Industry Reactions to Log4Shell Vulnerability (12.15.2021)

Problematic Log4j Functionality Disabled as More Security Issues Come to Light (12.15.2021)

SAP Patches Log4Shell Vulnerability in 20 Applications (12.15.2021)

EXPLAINER: The Security Flaw That's Freaked Out the Internet (12.14.2021)

Chinese, Iranian State Hackers Exploiting Log4j Flaw: Mandiant (12.14.2021)

Industrial Organizations Targeted in Log4Shell Attacks (12.14.2021)

Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks (12.14.2021)

Companies Respond to Log4Shell Vulnerability as Attacks Rise (12.13.2021)

Exploits Swirling for Major Security Defect in Apache Log4j (12.10.2021)

Useful information and tools

Official patches

List of affected, potentially affected and unaffected products

CISA Log4j vulnerability guidance

Advisories from vendors and cybersecurity companies

Hashes for vulnerable Log4j versions

Malware samples and other payloads delivered in Log4Shell attacks

Indicators of compromise (IoC)

Cybereason vaccine to prevent exploitation of the Log4Shell vulnerability

Detector for Log4Shell exploitation attempts

CVE-2021-44228 scanner from CERT/CC

WhiteSource tool to detect and remediate CVE-2021-44228 and CVE-2021-45046

Java and Python tools from JFrog to help developers detect use of Log4j

Open source Log4j scanner from CISA

Resources for industrial organizations

ICS Vendors Respond to Log4j Vulnerabilities

Blog post from Dragos with information on attacks and mitigations

Blog post from Nozomi Networks with information on attacks

Advisory from Schneider Electric

Advisory from Siemens

Advisory from Inductive Automation

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.