The Apache Foundation released an emergency update for the critical zero-day vulnerability in Log4j – named Log4Shell. The vulnerbaility received the identifier CVE-2021-44228 and with a CVSS severity score of 10.0, it is widely believed to be easy to exploit and very difficult to detect.

The CVE-2021-44228 vulnerability is still being actively investigated in order to properly identify the full scope severity. Finding Log4j is a challenge as the way that Java packaging works. It is very possible that you could have Log4j hiding somewhere in your application and not know about it.

The impact of this vulnerability is huge and the speed at which attackers are using it is set to cause a disrupt to the cybersecurity sector over the coming weeks. We have seen instances of payloads including cryptominers like Golang-based Kinsing ELF payloads, however this is only the beginning of it.

This has the potential to scale massively as attackers ramp up their infrastructure to take advantage of this exploitation opportunity.

Fill out the below form for a Free Risk Assessment from Smarttech247 to find out if your organizaton has been infected with the hidden vulnerability, Log4j.