Log4Shell Tools and Resources for Defenders – Continuously Updated

SecurityWeek has compiled a list of useful Log4Shell tools and resources for defenders.


The widely used Apache Log4j Java-based logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including to deliver various types of malware.

The vulnerability is tracked as CVE-2021-44228 and has been dubbed Log4Shell and LogJam. The security hole exposes many organizations to attacks, and exploitation is not difficult.

SecurityWeek has compiled a list of tools and other resources that can be useful for defenders concerned about the impact of the Log4Shell vulnerability on their organization.

News articles

Fewer-Than-Expected Log4j Attacks, but Mirai Joins the Fray (01.25.2022)

SolarWinds Patches Serv-U Vulnerability Propagating Log4j Attacks (01.20.2022)

Ukraine Attacks Involved Exploitation of Log4j, October CMS Vulnerabilities (01.19.2022)

CISA Unaware of Any Significant Log4j Breaches in U.S. (01.11.2022)

Attackers Hitting VMWare Horizon Servers With Log4j Exploits (01.07.2022)

FTC: Patch Log4j Vulnerability to Avoid Potential Legal Action (01.05.2022)

ICS Vendors Respond to Log4j Vulnerabilities (01.05.2022)

Chinese Spies Exploit Log4Shell to Hack Major Academic Institution (12.29.2021)

Another Remote Code Execution Vulnerability Patched in Log4j (12.29.2021)

NVIDIA, HPE Products Affected by Log4j Vulnerabilities (12.23.2021)

Five Eyes Nations Issue Joint Guidance on Log4j Vulnerabilities (12.23.2021)

CISA Says No Federal Agencies Compromised in Log4Shell Attacks to Date (12.22.2021)

Chinese Government Punishes Alibaba for Not Telling It First About Log4Shell Flaw (12.22.2021)

Belgian Military in Five-Day Battle Against Cyberattack (12.22.2021)

Google Finds 35,863 Java Packages Using Defective Log4j (12.20.2021)

Log4j Update Patches New Vulnerability That Allows DoS Attacks (12.20.2021)

CISA Orders Federal Agencies to Mitigate Log4j Vulnerabilities (12.20.2021)

MobileIron Users Targeted in Log4Shell Attacks as Exploit Activity Surges (12.17.2021)

Threat Groups Reportedly Working on Log4Shell Worm (12.16.2021)

Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw (12.15.2021)

Industry Reactions to Log4Shell Vulnerability (12.15.2021)

Problematic Log4j Functionality Disabled as More Security Issues Come to Light (12.15.2021)

SAP Patches Log4Shell Vulnerability in 20 Applications (12.15.2021)

EXPLAINER: The Security Flaw That’s Freaked Out the Internet (12.14.2021)

Chinese, Iranian State Hackers Exploiting Log4j Flaw: Mandiant (12.14.2021)

Industrial Organizations Targeted in Log4Shell Attacks (12.14.2021)

Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks (12.14.2021)

Companies Respond to Log4Shell Vulnerability as Attacks Rise (12.13.2021)

Exploits Swirling for Major Security Defect in Apache Log4j (12.10.2021)

Useful information and tools

Official patches

List of affected, potentially affected and unaffected products

CISA Log4j vulnerability guidance

Advisories from vendors and cybersecurity companies

Hashes for vulnerable Log4j versions

Malware samples and other payloads delivered in Log4Shell attacks

Indicators of compromise (IoC)

Cybereason vaccine to prevent exploitation of the Log4Shell vulnerability

Detector for Log4Shell exploitation attempts

CVE-2021-44228 scanner from CERT/CC

WhiteSource tool to detect and remediate CVE-2021-44228 and CVE-2021-45046

Java and Python tools from JFrog to help developers detect use of Log4j

Open source Log4j scanner from CISA

Resources for industrial organizations

ICS Vendors Respond to Log4j Vulnerabilities

Blog post from Dragos with information on attacks and mitigations

Blog post from Nozomi Networks with information on attacks

Advisory from Schneider Electric

Advisory from Siemens

Advisory from Inductive Automation

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
