Log4j

Log4Shell enumeration, mitigation and attack detection tool

December 21, 2021

Datto is encouraging all MSPs to download a free script that it has developed and made available on GitHub for any Remote Monitoring and Management (RMM) solution. This …

The Log4j saga: New vulnerabilities and attack vectors discovered

December 20, 2021

The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j …

The impact of the Log4j vulnerability on OT networks

December 16, 2021

Operational Technology (OT) networks are at risk from the recently-announced Apache Log4j (CVE-2021-44228) vulnerability. On the surface, it is not clear why this should be. …

Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

December 15, 2021

Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. …

The Log4j JNDI attack and how to prevent it

December 13, 2021

The disclosure of the critical Log4Shell (CVE-2021-44228) vulnerability and the release of first one and than additional PoC exploits has been an unwelcome surprise for the …

Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

December 13, 2021

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …

Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

December 10, 2021

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …