Incident Response Blog: Log4j

A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j, a Java-based logging library that is widely used in cloud and enterprise software.

Exploit code has been shared publicly and multiple actors are attempting to exploit the vulnerability. It can allow unauthenticated remote code execution (RCE) on any system running an affected version of Log4j. Organizations should immediately upgrade to Log4j version 2.15.0 or apply the mitigations recommended by their vendors.
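The first practical question the advice above raises is where Log4j actually sits on a given host, since it is usually bundled inside application archives rather than installed on its own. The following Python script is an added example, not code from CTA or any member: it walks a directory tree, identifies log4j-core by the Maven descriptor the library ships inside its JAR, recurses into nested archives (WARs, EARs and uber-JARs carry library JARs under paths such as WEB-INF/lib), and flags any 2.x version below the 2.15.0 threshold named above. The sample archives it builds in a temporary directory are constructed stand-ins for real deployments, and the helper names, the threshold constant and the treatment of pre-release tags are assumptions made for this illustration; the threshold is a single parameter so it can be raised as vendor guidance changes.

```python
import io
import os
import re
import tempfile
import zipfile
from typing import Iterator, List, Tuple

# Maven descriptor that the log4j-core artifact carries inside its JAR.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
# Threshold taken from the advisory text; raise it as vendor guidance changes (assumption).
FIXED_VERSION = (2, 15, 0)


def parse_version(text: str) -> Tuple[Tuple[int, ...], bool]:
    """Turn '2.14.1' or '2.15.0-rc1' into (numeric tuple, is_prerelease)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    numeric = tuple(int(g) for g in m.groups(default="0"))
    prerelease = bool(re.search(r"-(rc|alpha|beta|snapshot)", text, re.IGNORECASE))
    return numeric, prerelease


def is_vulnerable(version: str) -> bool:
    """Flag 2.x below the threshold; a pre-release of the threshold itself is treated as below it."""
    numeric, prerelease = parse_version(version)
    if numeric[0] != 2:
        return False  # this CVE is in Log4j 2; other majors are out of scope for this check
    return numeric < FIXED_VERSION or (numeric == FIXED_VERSION and prerelease)


def log4j_core_versions(data: bytes, label: str) -> Iterator[Tuple[str, str]]:
    """Yield (location, version) for each log4j-core found in an archive, recursing into nested ones."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for name in zf.namelist():
            if name == POM_PROPERTIES:
                props = zf.read(name).decode("utf-8", errors="replace")
                for line in props.splitlines():
                    if line.startswith("version="):
                        yield label, line.split("=", 1)[1].strip()
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                # "outer!inner" labels keep the nesting visible in the report.
                yield from log4j_core_versions(zf.read(name), f"{label}!{name}")


def scan_tree(root: str) -> List[Tuple[str, str, bool]]:
    """Return (location, version, vulnerable) for every log4j-core under root."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    data = fh.read()
                for loc, ver in log4j_core_versions(data, path):
                    findings.append((loc, ver, is_vulnerable(ver)))
    return findings


def build_sample_jar(version: str) -> bytes:
    """Constructed stand-in for a log4j-core JAR: only the Maven descriptor matters to the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPERTIES,
                    f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        zf.writestr("org/apache/logging/log4j/core/Placeholder.class", b"")
    return buf.getvalue()


def build_sample_war(version: str) -> bytes:
    """Constructed stand-in for a web application bundling log4j-core under WEB-INF/lib."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"WEB-INF/lib/log4j-core-{version}.jar", build_sample_jar(version))
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
    return buf.getvalue()


def demo() -> List[Tuple[str, str, bool]]:
    """Write the constructed archives to a temp dir and scan them; paths are rewritten for display."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "apps"))
        with open(os.path.join(root, "apps", "shop.war"), "wb") as fh:
            fh.write(build_sample_war("2.14.1"))
        with open(os.path.join(root, "log4j-core-2.16.0.jar"), "wb") as fh:
            fh.write(build_sample_jar("2.16.0"))
        findings = scan_tree(root)
    return sorted((loc.replace(root, "<root>"), ver, vuln) for loc, ver, vuln in findings)


if __name__ == "__main__":
    for loc, ver, vuln in demo():
        print(f"{'VULNERABLE' if vuln else 'ok        '} {ver:<10} {loc}")
```

Point `scan_tree` at application, container-image and build-cache directories rather than the whole filesystem to keep runtime reasonable. Copies of the library that were repackaged without the Maven descriptor (shaded or relocated builds) are not found by this check, so treat its output as a starting inventory and pair it with your vendors' own detection and the mitigations referenced in their advisories.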

CTA members are working to support customers in responding to this threat, including sharing pre-release blog posts through CTA’s Early Sharing program to ensure that industry response efforts are aligned with the most up-to-date understanding of this threat.

CTA will collate relevant threat reports, blog posts, and advice on protections and mitigations from our members to support other organizations in responding to incidents related to this vulnerability. As new materials and insights become available, we will update this blog post.

AT&T Alien Labs

Avast

Broadcom Symantec

Check Point

Cisco Talos

Dragos

Ericom

Fortinet

Juniper

K7 Computing

McAfee

Morphisec

Palo Alto Networks

Radware

Rapid7

ReversingLabs

SecurityScorecard

SK shieldus

SonicWall

Sophos

Symantec

TEHTRIS

VMware

Author: Neil Jenkins