The widely used Apache Log4j Java-based logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including to deliver various types of malware.
The vulnerability is tracked as CVE-2021-44228 and has been dubbed Log4Shell and LogJam. The security hole exposes many organizations to attacks, and exploitation is not difficult.
SecurityWeek has compiled a list of tools and other resources that can be useful for defenders concerned about the impact of the Log4Shell vulnerability on their organization.
News articles
Fewer-Than-Expected Log4j Attacks, but Mirai Joins the Fray (01.25.2022)
SolarWinds Patches Serv-U Vulnerability Propagating Log4j Attacks (01.20.2022)
Ukraine Attacks Involved Exploitation of Log4j, October CMS Vulnerabilities (01.19.2022)
CISA Unaware of Any Significant Log4j Breaches in U.S. (01.11.2022)
Attackers Hitting VMWare Horizon Servers With Log4j Exploits (01.07.2022)
FTC: Patch Log4j Vulnerability to Avoid Potential Legal Action (01.05.2022)
ICS Vendors Respond to Log4j Vulnerabilities (01.05.2022)
Chinese Spies Exploit Log4Shell to Hack Major Academic Institution (12.29.2021)
Another Remote Code Execution Vulnerability Patched in Log4j (12.29.2021)
NVIDIA, HPE Products Affected by Log4j Vulnerabilities (12.23.2021)
Five Eyes Nations Issue Joint Guidance on Log4j Vulnerabilities (12.23.2021)
CISA Says No Federal Agencies Compromised in Log4Shell Attacks to Date (12.22.2021)
Chinese Government Punishes Alibaba for Not Telling It First About Log4Shell Flaw (12.22.2021)
Belgian Military in Five-Day Battle Against Cyberattack (12.22.2021)
Google Finds 35,863 Java Packages Using Defective Log4j (12.20.2021)
Log4j Update Patches New Vulnerability That Allows DoS Attacks (12.20.2021)
CISA Orders Federal Agencies to Mitigate Log4j Vulnerabilities (12.20.2021)
MobileIron Users Targeted in Log4Shell Attacks as Exploit Activity Surges (12.17.2021)
Threat Groups Reportedly Working on Log4Shell Worm (12/16/2021)
Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw (12/15/2021)
Industry Reactions to Log4Shell Vulnerability (12/15/2021)
Problematic Log4j Functionality Disabled as More Security Issues Come to Light (12/15/2021)
SAP Patches Log4Shell Vulnerability in 20 Applications (12/15/2021)
EXPLAINER: The Security Flaw That’s Freaked Out the Internet (12/14/2021)
Chinese, Iranian State Hackers Exploiting Log4j Flaw: Mandiant (12/14/2021)
Industrial Organizations Targeted in Log4Shell Attacks (12/14/2021)
Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks (12/14/2021)
Companies Respond to Log4Shell Vulnerability as Attacks Rise (12/13/2021)
Exploits Swirling for Major Security Defect in Apache Log4j (12/10/2021)
Useful information and tools
List of affected, potentially affected and unaffected products
CISA Log4j vulnerability guidance
Advisories from vendors and cybersecurity companies
Hashes for vulnerable Log4j versions
Malware samples and other payloads delivered in Log4Shell attacks
Indicators of compromise (IoC)
Cybereason vaccine to prevent exploitation of the Log4Shell vulnerability
Detector for Log4Shell exploitation attempts
CVE-2021-44228 scanner from CERT/CC
WhiteSource tool to detect and remediate CVE-2021-44228 and CVE-2021-445046
Java and Python tools from JFrog to help developers detect use of Log4j
Open source Log4j scanner from CISA
Resources for industrial organizations
ICS Vendors Respond to Log4j Vulnerabilities
Blog post from Dragos with information on attacks and mitigations
Blog post from Nozomi Networks with information on attacks
