A practical guide to Log4shell remediation

Log4Shell (CVE-2021 – 44228): is a zero-day vulnerability in Log4j, a popular Java logging framework. Log4j has left businesses and government officials scrambling to deal with the blatant cybersecurity threat to global computer networks. The bug disclosed recently could trigger potentially devastating cyberattacks spanning economic sectors and international borders, security experts say.

Leading researchers and technology companies have warned that hackers with links to foreign governments and ransomware criminal groups seek to exploit vulnerabilities in targets’ computer systems.

Find out more and what you should be doing HERE.

Conti Ransomware Gang Has Full Log4Shell Attack Chain

The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain.

The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of dozens of ransomware groups currently known to be active – was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago, security firm Advanced Intelligence (AdvIntel) said in a report shared with Threatpost on Thursday.

You can read the Threatpost story HERE.

Check for Log4j vulnerabilities with this simple-to-use script

If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.

To find out what you should be doing check HERE.