Log4j is an open source Java component, developed by the Apache Foundation and designed to store event traces.
Due to its ease of use and flexibility, log4j is used in many applications to record information in a log.
The wide adoption of Log4j has come to light after the discovery of a critical vulnerability in this component, which was called Log4Shell, due to the ease with which it allowed commands to be executed remotely on an affected system.
Cybersecurity articles related to Log4j
A number of technical articles connected to Log4j and cybersecurity have been made available on Tarlogic’s online platform.
- Log4shell full picture: All the vulnerabilities affecting Log4j
- Log4Shell vulnerability CVE-2021-44228, the new cyber-apocalypse
- Tracking JNDI attacks: Hunting Log4Shell in your network
- CVE-2022-42889: Text4Shell, Critical Vulnerability in Apache Commons Text
Cybersecurity services related to Log4j
Vulnerability management: This continuous vulnerability scanning service assists in managing the vulnerability life cycle and diminishing the exposure surface.
- More information: Vulnerability management service
Emerging vulnerabilities: This service is activated upon the release of a critical vulnerability that might threaten your organization’s perimeter, allowing for prompt action. We investigate the impact of zero-day vulnerabilities on the perimeter around the clock and determine affected assets.
- More information: Emerging Threats service
Threat Hunting: A managed service that emphasizes the proactive discovery of suspicious activities and mitigation of threats at endpoints, using telemetry generated by EDR and XDR technologies, and following the methodology specified in the MITRE ATT&CK framework.
- More information: Threat Hunting service