By now, you most likely have heard about CVE-2021-44228, the "Log4Shell" vulnerability which impacts the Apache Log4j library. Discovered on December 9th, the vulnerability exposes applications and servers that use Log4j. Apache Log4j is a tool for logging activities in Java software. Developers and programmers use the library to note the activities of their applications and servers.
An exploit has already been made public. Any application or server that runs Java software can be compromised. We have received reports of attackers using the vulnerability for remote code execution attacks. That means they can run arbitrary code, access all data on the affected asset, delete or encrypt files, and hold them for ransom.
Our X-Force team of hackers, responders, researchers, and intelligence analysts have been researching the finding and published a blog post which provides pertinent patching information released by Apache. We anticipate more attacks in the future, which is why it is critical for impacted organizations to apply the patch today.
We are also hosting an informational webinar on Wednesday, December 15th at 11am EST. Join the webinar to learn more about Log4Shell, its implications, who is impacted and actions to take to protect your organization now and in the future. You can register here.