On-Demand Webinar

Log4Shell Vulnerability

Detection Strategies
December 10, 2021 12:00 AM
CST
Online

CVE-2021-44228 / Log4Shell Vulnerability

Industry: N/A | Level: Tactical | Sources: LunaSec & GitHub-Log4Shell-List

A zero-day exploit has been identified for the Java logging library "log4j" that could result in remote code execution. Affected versions include Log4j 2.0-beta9 up to 2.14.1, with service impacts to many Apache Struts configurations and cloud services such as Steam, Apple iCloud, and others. The exploit requires three components: a vulnerable log4j version, any protocol that enables the attacker to send the exploit string, and a log statement that can log the string from the request. Mitigation is available through an update; affected users are recommended to update to log4j version "log4j-2.15.0-rc2". Threat researchers have identified a variety of threats taking advantage of the widespread vulnerability: Kinsing (cryptocurrency miner), Mirai malware, Cobalt Strike, a new unidentified ransomware strain, and likely others yet to be identified.
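A version triage built on the affected range stated above, as an added example that is not part of the original brief or the vendor's detection content: it classifies `log4j-core` JAR filenames against 2.0-beta9 through 2.14.1. The Maven-style `log4j-core-<version>.jar` naming and the sample paths are assumptions constructed for illustration.

```python
import re

# Affected range as stated in the brief above.
FIRST_AFFECTED = "2.0-beta9"
LAST_AFFECTED = "2.14.1"

# Pre-release qualifiers sort before the plain release of the same number.
_QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.IGNORECASE)
# Assumption: JARs keep the Maven artifact naming log4j-core-<version>.jar.
_JAR_RE = re.compile(r"log4j-core-([0-9][\w.\-]*?)\.jar$", re.IGNORECASE)


def version_key(version):
    """Turn '2.0-beta9' or '2.14.1' into a tuple that sorts in release order."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError("unrecognised version: " + version)
    major, minor, patch, qual, qnum = m.groups()
    rank = _QUALIFIER_RANK[qual.lower() if qual else None]
    return (int(major), int(minor), int(patch or 0), rank, int(qnum or 0))


def is_affected(version):
    """True if version lies in the range the brief lists as affected."""
    low, high = version_key(FIRST_AFFECTED), version_key(LAST_AFFECTED)
    return low <= version_key(version) <= high


def triage(paths):
    """Map each path to 'affected', 'outside range' or 'unknown'."""
    results = {}
    for path in paths:
        m = _JAR_RE.search(path)
        try:
            # No filename match or an unparseable version needs manual review.
            results[path] = ("unknown" if not m else
                             "affected" if is_affected(m.group(1)) else "outside range")
        except ValueError:
            results[path] = "unknown"
    return results


# Constructed sample inventory, not taken from any real host.
SAMPLE_PATHS = ["/opt/app/lib/log4j-core-2.14.1.jar", "/opt/app/lib/log4j-core-2.0-beta8.jar",
                "/srv/svc/log4j-core-2.15.0-rc2.jar", "/srv/svc/app-all.jar"]

if __name__ == "__main__":
    for path, status in triage(SAMPLE_PATHS).items():
        print(status, path)
```

A filename check misses copies of the library bundled inside fat or shaded JARs, so entries reported as "unknown" still need their contents inspected.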

For updates, detection content and logic, attack flow, threat examples, and use case demonstrations, check out our Log4Shell blog. We're here to help by providing ready-to-deploy detection code (no strings attached): just reach out and we'll send you the Splunk (SPL) detection logic. Contact: detection.support@anvilogic.com
