
Log4Shell Tools and Resources for Defenders – Continuously Updated

The widely used Apache Log4j Java-based logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including to deliver various types of malware.

The vulnerability is tracked as CVE-2021-44228 and has been dubbed Log4Shell and LogJam. The security hole exposes many organizations to attacks, and exploitation is not difficult.

SecurityWeek has compiled a list of tools and other resources that can be useful for defenders concerned about the impact of the Log4Shell vulnerability on their organization.

News articles

Fewer-Than-Expected Log4j Attacks, but Mirai Joins the Fray (01.25.2022)

SolarWinds Patches Serv-U Vulnerability Propagating Log4j Attacks (01.20.2022)

Ukraine Attacks Involved Exploitation of Log4j, October CMS Vulnerabilities (01.19.2022)

CISA Unaware of Any Significant Log4j Breaches in U.S. (01.11.2022)

Attackers Hitting VMWare Horizon Servers With Log4j Exploits (01.07.2022)

FTC: Patch Log4j Vulnerability to Avoid Potential Legal Action (01.05.2022)

ICS Vendors Respond to Log4j Vulnerabilities (01.05.2022)

Chinese Spies Exploit Log4Shell to Hack Major Academic Institution (12.29.2021)

Another Remote Code Execution Vulnerability Patched in Log4j (12.29.2021)

NVIDIA, HPE Products Affected by Log4j Vulnerabilities (12.23.2021)

Five Eyes Nations Issue Joint Guidance on Log4j Vulnerabilities (12.23.2021)

CISA Says No Federal Agencies Compromised in Log4Shell Attacks to Date (12.22.2021)

Chinese Government Punishes Alibaba for Not Telling It First About Log4Shell Flaw (12.22.2021)

Belgian Military in Five-Day Battle Against Cyberattack (12.22.2021)

Google Finds 35,863 Java Packages Using Defective Log4j (12.20.2021)

Log4j Update Patches New Vulnerability That Allows DoS Attacks (12.20.2021)

CISA Orders Federal Agencies to Mitigate Log4j Vulnerabilities (12.20.2021)

MobileIron Users Targeted in Log4Shell Attacks as Exploit Activity Surges (12.17.2021)

Threat Groups Reportedly Working on Log4Shell Worm (12/16/2021)

Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw (12/15/2021)

Industry Reactions to Log4Shell Vulnerability (12/15/2021)

Problematic Log4j Functionality Disabled as More Security Issues Come to Light (12/15/2021)

SAP Patches Log4Shell Vulnerability in 20 Applications (12/15/2021)

EXPLAINER: The Security Flaw That’s Freaked Out the Internet (12/14/2021)

Chinese, Iranian State Hackers Exploiting Log4j Flaw: Mandiant (12/14/2021)

Industrial Organizations Targeted in Log4Shell Attacks (12/14/2021)

Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks (12/14/2021)

Companies Respond to Log4Shell Vulnerability as Attacks Rise (12/13/2021)

Exploits Swirling for Major Security Defect in Apache Log4j (12/10/2021)

Useful information and tools

Official patches

List of affected, potentially affected and unaffected products

CISA Log4j vulnerability guidance

Advisories from vendors and cybersecurity companies

Hashes for vulnerable Log4j versions

Malware samples and other payloads delivered in Log4Shell attacks

Indicators of compromise (IoC)

Cybereason vaccine to prevent exploitation of the Log4Shell vulnerability

Detector for Log4Shell exploitation attempts

CVE-2021-44228 scanner from CERT/CC

WhiteSource tool to detect and remediate CVE-2021-44228 and CVE-2021-45046

Java and Python tools from JFrog to help developers detect use of Log4j

Open source Log4j scanner from CISA

Resources for industrial organizations

ICS Vendors Respond to Log4j Vulnerabilities

Blog post from Dragos with information on attacks and mitigations

Blog post from Nozomi Networks with information on attacks

Advisory from Schneider Electric

Advisory from Siemens

Advisory from Inductive Automation

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
