Just in time for the holidays, a significant vulnerability was identified in Apache's Java-based logging library, Log4J. This vulnerability was disclosed on 12/10/2021 and is known as Log4Shell. The flaw exposes some of the world's most popular applications and services to attack. It impacts AWS, Microsoft, Cisco, Google Cloud, and any platforms using software that utilizes the Log4j library.
Like Solarwinds, this weakness is at the core of the technology stack. Unlike Solarwinds, which tended to affect primarily large platform customers, this zero-day will impact even the smallest organizations dependent upon the webserver logging library.
ProCircular IR Engineer, Joey Marinello, gave a flash briefing on the topic, including steps to implement mitigating controls and detect whether you've been affected by this sophisticated and targeted attack. Be sure to download this briefing and take a look at the vulnerability resources below:
