Posts tagged log4j

2 min Security Nation

[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability

In our first episode of Security Nation Season 5, Jen and Tod chat with Mike Hanley, Chief Security Officer at GitHub, all about the major vulnerability in Apache’s Log4j logging library.

4 min Emergent Threat Response

Active Exploitation of VMware Horizon Servers

Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities.

6 min Log4Shell

Log4Shell Strategic Response: 5 Practices for Vulnerability Management at Scale

Where do you begin to respond to a critical vulnerability like the one in Apache’s Log4j Java library (a.k.a. Log4Shell)? Start with these 5 concepts.

3 min Application Security

Test for Log4Shell With InsightAppSec Using New Functionality

In this blog, we share how Rapid7 customers can test for Log4Shell with InsightAppSec.

3 min Metasploit

Metasploit Wrap-Up

A new Log4Shell / Log4j scanner module for Metasploit, a new WordPress module, and multiple enhancements and bug fixes

14 min Log4Shell

The Everyperson’s Guide to Log4Shell (CVE-2021-44228)

This blog is for everyone who wants to understand what’s going on with the Log4Shell vulnerability in Log4j and why the internet seems to be on fire again.

4 min Application Security

How to Protect Your Applications Against Log4Shell With tCell

Let’s walk through the various ways tCell can help our customers protect against Log4Shell attacks.

7 min Vulnerability Management

Patch Tuesday - December 2021

This month’s Patch Tuesday comes in the middle of a global effort to mitigate Apache Log4j CVE-2021-44228.

3 min Threat Intel

Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations

The Rapid7 Threat Intelligence team is tracking the attacker's-eye view on Log4Shell and the related chatter on the clear, deep, and dark web.

8 min InsightVM

Using InsightVM to Find Apache Log4j CVE-2021-44228

How to use InsightVM or Nexpose to detect exposure to Log4Shell CVE-2021-44228 in your environment, plus additional detail about how our various vulnerability checks work under the hood.

3 min Emergent Threat Response

Update on Log4Shell’s Impact on Rapid7 Solutions and Systems

Like the rest of the security community, we have been internally responding to the critical remote code execution vulnerability in Apache’s log4j Java library (a.k.a. Log4Shell).

15 min Emergent Threat Response

Widespread Exploitation of Critical Remote Code Execution in Apache Log4j

On December 10, 2021, Apache released version 2.15.0 of their Log4j framework, which included a fix for CVE-2021-44228, a critical RCE vulnerability that is being exploited in the wild.