Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SecurityScorecard

SecurityScorecard Finds Log4j Active Exploitation from Nation State Actors

Dec 17, 2021 By SecurityScorecard In SecurityScorecard

There's little question that you've already heard about the recently discovered security flaw related to Log4j, a widely used Java library for logging error messages in applications. The vulnerability enables a threat actor to remotely execute commands via remote code execution (RCE) on nearly any machine using Log4j. But it's also important to cut through all of the noise to truly understand the implications of the Log4j and what organizations can do to combat it.

Read Post
Arctic Wolf

Arctic Wolf Releases Open Source Log4Shell Detection Script

Dec 17, 2021 By Arctic Wolf In Arctic Wolf
After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, today we are making “Log4Shell Deep Scan” publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.
Read Post
kroll

How Kroll is Handling CVE-2021-44228 (Log4J / Log4Shell)

Dec 17, 2021 By Devon Ackerman In Kroll

A critical vulnerability has been recently discovered in the Apache Log4j Java logging library (CVE-2021-44228), a library used in many client and server applications. The Log4j library is commonly included in Java based software including multiple Apache frameworks such as Struts2, Solr, Druid and Fink. The library provides enhanced logging functionality for Java applications and is commonly used in business system development.

Read Post

What has the Log4shell vulnerability taught us about application security?

Dec 16, 2021 By Snyk In Snyk
A week ago, we had no idea what Log4shell was. Today, we have the global developer community coming together to keep itself safe from a vulnerability that ranks the highest in terms of risk. We need technical solutions, but what does it mean for the landscape of application security, and what have we learned from this situation?
View Video

Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)

Dec 16, 2021 By Sysdig In Sysdig
A new critical vulnerability has been found in log4j, a widely-used open-source utility used to generate logs inside java applications. The vulnerability CVE-2021-44228, also known as Log4Shell, permits a Remote Code Execution (RCE) allowing the attackers to execute arbitrary code on the host. The log4j utility is popular and used by a huge number of applications and companies, including the famous game Minecraft. It is also used in various Apache frameworks like Struts2, Kafka, Druid, Flink, and many commercial products.
View Video

Understanding the Log4j Log4Shell Vulnerability

Dec 16, 2021 By Arctic Wolf In Arctic Wolf
A zero-day threat is creating waves through the cybersecurity industry more than any other in years. On Thursday, December 9, security researchers published a proof-of-concept exploit code for CVE-2021-44228, a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications. In the week since its discovery businesses worldwide are frantically trying to identify and mitigate the exploit, while security pros and experts are desperately attempting to release patches and guide organizations as new information becomes known.
View Video
mend

Log4j Vulnerability CVE-2021-45046 Explained

Dec 16, 2021 By Hagai Wechsler In Mend

As security and development teams rushed to assess the now-notorious Log4Shell vulnerability published December 10 (CVE-2021-44228), another, more minor vulnerability was discovered in Log4j — CVE-2021-45046. To understand the newly-discovered vulnerability, it is important to get the full picture and background on the original Log4j issue.

Read Post

Log4Shell: What You Need to Know About the Log4j Vulnerability (APJ)

Dec 16, 2021 By Snyk In Snyk
A new critical vulnerability, Log4Shell, was publicly disclosed on December 10th and is making global headlines. It impacts a wide amount of applications on the internet, allowing attackers to remotely execute code within vulnerable applications worldwide. In this webinar recording, Snyk technical experts provide an in-depth technical review of the Log4Shell vulnerability, what caused it, how it can be exploited, and most importantly, how it can be mitigated through upgrades, or defended against in WAF configurations and more.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.