Log4Shell: How the Attackers’ Faces Have Changed Over Time
Following an article on January 24, 2022 of Log4Shell scanning and attack detections since the bug was reported, Sophos addresses reader questions about who’s behind it all
Following an article on January 24, 2022 of Log4Shell scanning and attack detections since the bug was reported, Sophos addresses reader questions about who’s behind it all
Sophos reviews the scanning and attack detections for Log4Shell to see what’s really going on
Last updated 2021-12-18 UTC 02:31 Update: Added new open source scanning tool, adjusted open sockets query Summary and Background Log4j is an open-source logging framework developed by the Apache Foundation which is incorporated into many Java-based applications on both servers and end-user systems. Initially released, on December 9, 2021, Log4Shell (the nickname given to this…
Read more
The critical vulnerability in Apache’s Log4j Java-based logging utility (CVE-2021-44248) has been called the “most critical vulnerability of the last decade.” Also known as Log4Shell, the flaw has forced the developers of many software products to push out updates or mitigations to customers. And Log4j’s maintainers have published two new versions since the bug was discovered—the second completely eliminating the…
Read more