How to Protect Your Applications Against Log4Shell With tCell

By now, we’re sure you’re familiar with all things Log4Shell – but we want to make sure we share how to protect your applications. Applications are a critical part of any organization’s attack surface, and we’re seeing thousands of Log4Shell attack attempts in our customers' environments every...

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

As if finding one easily exploited and extremely dangerous flaw in the ubiquitous Java logging library Apache Log4j hadn’t already turned the Internet security community on its ear, researchers now have found a new vulnerability in Apache’s patch issued to mitigate it. Last Thursday security...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Exploiting CVE-2021-44228 using PDFs as delivery channel - PoC...

Security Bulletin: IBM Application Navigator is vulnerable to an remote attacker exploitation of Apache Log4j (CVE-2021-44228)

Summary The IBM Application Navigator contains a copy of Apache Log4j which is not used by the IBM Application Navigator function. Out of an abundance of caution this update removes the unused copy of Apache Log4j. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow ...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4JHunt An automated, reliable scanner for the Log4Shell CVE...

Exploit for Expression Language Injection in Apache Log4J

Log4j 2.15.0 Privilege Escalation -- CVE-2021-45046 Attack...

Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released

UPDATE — The severity score of CVE-2021-45046, originally classified as a DoS bug, has since been revised from 3.7 to 9.0, to reflect the fact that an attacker could abuse the vulnerability to send a specially crafted string that leads to "information leak and remote code execution in some...

AMD Response to Log4j (Log4Shell) Vulnerability

Bulletin ID: AMD-SB-1034 Potential Impact: Remote Code Execution Severity: Critical Summary 1/17/2022 Update: AMD has completed our investigation of the Apache Log4j vulnerability. AMD believes no AMD products are affected. 12/15/2021: AMD is actively investigating potential impacts of the Apache...

Log4Shell Exploit Detection and Response with Qualys Multi-Vector EDR

Author: Hiep Dang & Malware Threat Research Team On Dec 9, 2021, the world first learned about the Log4Shell vulnerability aka Log4J CVE-2021-44228 found in the Log4j2 library commonly used by Java applications. Since then, everyone in the cybersecurity industry has been scrambling to understand...

Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations

It's been a long few days as organizations' security teams have worked to map, quantify, and mitigate the immense risk presented by the Log4Shell vulnerability within Log4j. As can be imagined, cybercriminals are working overtime as well, as they seek out ways to exploit this vulnerability. Need...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Simple Spring Boot application vulnerable to CVE-2021-44228 L...

What the Log4Shell Bug Means for SMBs: Experts Weigh In

News of the Log4Shell vulnerability is everywhere, with security experts variously calling the Apache log4j logging library bug a recipe for an “internet meltdown,” as well as the “worst cybersecurity bug of the year.” Names like “Apple,” “Twitter” and “Cloudflare” are being bandied about as bein...

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware

Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The atta...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-finder A Python3 script to scan the filesystem to find...

Update on Log4Shell’s Impact on Rapid7 Solutions and Systems

Like the rest of the security community, we have been internally responding to the critical remote code execution vulnerability in Apache’s Log4j Java library a.k.a. Log4Shell. We have been continuously monitoring for Log4Shell exploit attempts in our environment and have been urgently...

Apache Log4Shell RCE detection via Raw Socket Logging (Direct Check)

Binary data apachelog4jjndildapgenericraw.nbin...

Log4Shell Ecosystem Wrapper

"This plugin was used in the scan template 'Log4Shell Vulnerability Ecosystem' prior to 2/2/2022 as a way to include other plugins related to the Log4j vulnerabilities CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, and CVE-2021-4104, including those based on patches from other vendors." + '\n' +...

Acronis: [CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day

Summary The website at nps.acronis.com is vulnerable to CVE-2021-44228 Steps To Reproduce I used this script to find this. It spins up an interact-sh server to receive the callback and send the payload in the query string and about 30 diffent headers. You can reproduce manually with curl and...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4shell.tools !buildhttps://github.com/alexbakker/log4sh...

Where the Latest Log4Shell Attacks Are Coming From

Cybersecurity professionals across the world have been scrambling to shore up their systems against a critical remote code-execution RCE flaw CVE-2021-44228 in the Apache Log4j tool, discovered just days ago. Now under active exploit, the “Log4Shell” bug allows complete server takeover. Researche...