Image
21.12.2021

Log4shell: no data loss or signs of attack at Feintool.

Log4Shell is the name given to a critical zero-day vulnerability that surfaced Mid-December when it was exploited in the wild in remote-code compromises against Minecraft servers. The source of the vulnerability was Log4J, a logging utility used by thousands if not millions of apps, including those used inside just about every enterprise on the planet.

Another well-known example would be Apple iCloud.

What’s Log4J and what makes Log4Shell such a big deal?

Log4J is an open source Java-based logging tool available from Apache. It has the ability to perform network lookups using the Java Naming and Directory Interface to obtain services from the Lightweight Directory Access Protocol (LDAP). The end result: Log4j will interpret a log message as a URL, go and fetch it, and even execute any executable payload it contains with the full privileges of the main program. Exploits are triggered inside text using the ${} syntax, allowing them to be included in browser user agents or other commonly logged attributes.

What Feintool has done so far

As of today, all applications that are accessible from the Internet have been checked, patched or disabled. To date, we have had no data loss or signs of attack.
To protect our systems, we have blocked the known indicators of compromise (IOCs) and ensured that our Endpoint Detection and Response (EDR) solution is able to detect any attempt to exploit this vulnerability.

Feintool is an internationally active market leader in the technologies of fineblanking, forming and sheet metal stamping for processing steel sheets.

Werkzeuge Werkzeugbau

Get in touch with us. We will be glad to help you.

Request a callback now.

Ihre Anfrage wurde gesendet!
Ihre Anfrage konnte nicht gesendet werden!
Cookie-Settings
We use cookies only to analyse the visits to our website. The anonymised information obtained in the course of your visit to our website is used on an event-driven basis to analyse user behaviour.
Allow all cookies
Allow selection
Individual settings
Individual settings
This is an overview of all cookies used on the website. You have the option of making individual cookie settings. Give your consent to individual cookies or entire groups. Essential cookies cannot be deactivated.
Save
Cancel
Essential (2)
Essential cookies are required for the basic functionality of the website.
Show cookies
Statistics (1)
Statistics cookies track the user and the associated surfing behavior to improve the user experience.
Show cookies