On December 9, 2021, the Log4Shell / Log4j vulnerability, tracked as CVE-2021-44228, was publicly revealed via the project’s GitHub. Since its release, it has been discovered that the vulnerability impacts many types of software, and likely billions of devices.
The vulnerability allows for unauthenticated remote code execution. Log4j 2 is an open source Java logging library developed by the Apache Foundation. Log4j 2 is widely used in many applications and is present, as a dependency, in many services. These include enterprise applications as well as numerous cloud services.
Join us as the Randori Attack team and Greynoise Research team meet for a deep dive of the vulnerability and how to protect yourself against it.