#apache #log4j security vulnerabilities, #cve-2021-44228, log4j #cve-2021-44228, #log4j #zero #day, zero day, log4shell, log4j poc, apache log4j vulnerabilities

Log4j is a logging library used by Apache products. Log4j is affected by CVE-2021-44228, which leads to a remote code execution vulnerability that can be exploited without authentication, making CVE-2021-44228 an unauthenticated RCE vulnerability.

Apache Log4j versions prior to 2.15.0 do not protect against attacker-controlled LDAP and other JNDI-related endpoints. When message lookup substitution is enabled, an attacker with control over log messages or log message parameters can execute arbitrary code loaded from LDAP servers. This vulnerability is also dubbed Log4Shell or LogJam.
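As an added example (not part of the video or its description), the following Python script addresses the chapter question of how to know whether Log4j is used anywhere in your infrastructure: it walks a directory tree, reads the Maven version recorded inside each log4j-core jar, and flags anything older than 2.15.0 that still ships the JndiLookup class (the class behind the JNDI lookup described above). The pom.properties and JndiLookup paths are the standard log4j-core artifact layout; the sample jar is constructed in code, and jars nested inside WAR/EAR archives are not opened.

```python
import io
import re
import zipfile
from pathlib import Path

# Paths inside a log4j-core jar that identify the library and its version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIXED_VERSION = (2, 15, 0)  # first release the description names as protected

def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1); a qualifier such as '-rc1' is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))

def inspect_jar(data):
    """Return (version, has_jndi_lookup) for jar bytes, or None if it is not log4j-core."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = set(jar.namelist())
        if POM_PROPS not in names:
            return None
        version = ""
        for line in jar.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = line.split("=", 1)[1].strip()
        return version, JNDI_LOOKUP in names

def is_vulnerable(version, has_jndi_lookup):
    """Flag log4j-core older than 2.15.0 that still ships the JndiLookup class."""
    return has_jndi_lookup and parse_version(version) < FIXED_VERSION

def scan_tree(root):
    """Yield (path, version, vulnerable) for each log4j-core jar found under root."""
    for path in Path(root).rglob("*.jar"):
        info = inspect_jar(path.read_bytes())
        if info is not None:
            version, has_lookup = info
            yield str(path), version, is_vulnerable(version, has_lookup)

def build_sample_jar(version, include_lookup=True):
    """Constructed sample jar (not a real artifact) carrying the two markers above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        if include_lookup:
            jar.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    return buf.getvalue()
```

Call `scan_tree("/path/to/apps")` on each host and treat every tuple whose third element is True as a system that still needs patching.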

Useful Links

Official Log4j release
https://logging.apache.org/log4j/2.x/

Vulnerability analysis by #Tenable (#Nessus)
https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability

List of vendor releases related to this vulnerability
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

Useful Reddit thread
https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/

Github POCs / #JNDI injection exploit
https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
https://github.com/welk1n/JNDI-Injection-Exploit

#F5 #WAF response
https://support.f5.com/csp/article/K19026212

List of known addresses that are distributing the malware
https://www.facebook.com/techvortex.official/photos/gm.1098875667525789/155821003435538/?type=3&theater

Chapters
00:00 Introduction
00:28 How threat actors can exploit this vulnerability
02:43 Do you have the following protection measures?
03:21 How to know if you are using the Log4j library anywhere in your infra
04:00 Can a WAF or IPS protect you?
05:12 The benefits of a GeoIP DB and a dynamic address blacklist
06:36 DNS sinkhole to protect you from garbage DNS
07:13 SIEM could be useful in our case
07:52 Useful resources | Log4j documentation
08:56 Consider threat intelligence information, block bad-reputation IP addresses
09:35 Virtual patching won't hold for long; patching is mandatory
10:15 Keep up to date with what vendors say about Log4j
11:26 Outro, and thank you!

Contact us
Telegram
https://t.me/techvortex

Facebook Group
https://www.facebook.com/groups/1012323126181044

Facebook Page
https://www.facebook.com/techvortex.official

This video is the result of hard work, dedicated time, preparation and years of experience. Please like, subscribe and share, and tell us your comments.