This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this specific issue has the potential to cause lasting headaches for the security industry for years to come. We also answer a mailbag full of questions from our listeners and WatchGuard partners about Log4Shell.
NCSC log4j Usage Index – https://github.com/NCSC-NL/log4shell/blob/main/software/README.md
Log4Shell IOCs – https://github.com/WatchGuard-Threat-Lab/log4shell-iocs
Log4Shell Scanning Utility – https://github.com/proferosec/log4jScanner