Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SecurityScorecard

SecurityScorecard Finds Log4j Active Exploitation from Nation State Actors

Dec 17, 2021 By SecurityScorecard In SecurityScorecard

There's little question that you've already heard about the recently discovered security flaw related to Log4j, a widely used Java library for logging error messages in applications. The vulnerability enables a threat actor to remotely execute commands via remote code execution (RCE) on nearly any machine using Log4j. But it's also important to cut through all of the noise to truly understand the implications of the Log4j and what organizations can do to combat it.

Read Post
Arctic Wolf

Arctic Wolf Releases Open Source Log4Shell Detection Script

Dec 17, 2021 By Arctic Wolf In Arctic Wolf
After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, today we are making “Log4Shell Deep Scan” publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.
Read Post
kroll

How Kroll is Handling CVE-2021-44228 (Log4J / Log4Shell)

Dec 17, 2021 By Devon Ackerman In Kroll

A critical vulnerability has been recently discovered in the Apache Log4j Java logging library (CVE-2021-44228), a library used in many client and server applications. The Log4j library is commonly included in Java based software including multiple Apache frameworks such as Struts2, Solr, Druid and Fink. The library provides enhanced logging functionality for Java applications and is commonly used in business system development.

Read Post

Log4Shell: What You Need to Know About the Log4j Vulnerability (APJ)

Dec 16, 2021 By Snyk In Snyk
A new critical vulnerability, Log4Shell, was publicly disclosed on December 10th and is making global headlines. It impacts a wide amount of applications on the internet, allowing attackers to remotely execute code within vulnerable applications worldwide. In this webinar recording, Snyk technical experts provide an in-depth technical review of the Log4Shell vulnerability, what caused it, how it can be exploited, and most importantly, how it can be mitigated through upgrades, or defended against in WAF configurations and more.
View Video
Trustwave

Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities

Dec 16, 2021 By Trustwave In Trustwave

Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, CVE-2021-44832, and CVE-2021-42550 (in logback as opposed to log4j). Dec. 22: A joint Cybersecurity Advisory was issued by multiple national cybersecurity agencies providing mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Dec. 17: Please note the emergency directive from CISA on Log4j.

Read Post
Trustwave

Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities

Dec 16, 2021 By Trustwave In Trustwave

Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, CVE-2021-44832, and CVE-2021-42550 (in logback as opposed to log4j). Dec. 22: A joint Cybersecurity Advisory was issued by multiple national cybersecurity agencies providing mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Dec. 17: Please note the emergency directive from CISA on Log4j.

Read Post
sumologic

Infrastructure is a disaster. The lessons from Log4J.

Dec 16, 2021 By George Gerchow In Sumo Logic
New day. New threat. New technology to combat said threat. Sound familiar? The threat landscape is continually evolving and getting more sophisticated, and, in an attempt to keep up, many organizations are quick to adopt the latest buzz-worthy product. This is a recipe for disaster.
Read Post
netskope

Khonsari: New Ransomware Delivered Through Log4Shell

Dec 16, 2021 By Gustavo Palazolo In Netskope

While many organizations are patching the two recent Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), attackers have been racing to exploit them to deliver malware, such as botnets, backdoors, and cryptominers. Among the threats delivered using Log4Shell exploits, a new ransomware family was found by Bitdefender: Khonsari.

Read Post
upguard

How to Respond: The Apache Log4j Vulnerability Clearly Explained

Dec 16, 2021 By Edward Kost In UpGuard

The Apache Log4j vulnerability has been assigned the most critical cyber threat rating of CVSS 10. For a concise overview of the zero-day, and to learn how to secure your systems against its exploitation, all of the popular FAQs concerning this vulnerability have been conveniently compiled in this post.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.