Cloudflare: “Because of the widespread use of Java and Log4j, this is likely one of the most serious vulnerabilities on the Internet since both Heartbleed and ShellShock.”

I’ve attempted to wade through the FUD and put together a consolidated list of useful resources related to the Log4J aka Log4Shell incident and vulnerability.

Florian Roth (@cyb3rops): https://github.com/Neo23x0/Fenrir/releases

Fastly: https://www.fastly.com/blog and https://www.fastly.com/blog

Kevin Beaumont (@GossiTheDog) Tweeted: https://twitter.com/GossiTheDog/status/1469807319865348096 and https://twitter.com/GossiTheDog/status/1469248250670727169

Cloudflare: https://blog.cloudflare.com/blog

GitHub resources list: https://gist.github.com/SwitHak/

CISA: https://www.cisa.gov/news

Jacob Williams https://twitter.com/MalwareJake/status/1470416041281007622?s=20

List of resouces from Reddit: https://www.reddit.com/r/blueteamsec

Google Cloud Blog: https://cloud.google.com/blog

Joshua Bregler: https://www.linkedin.com/posts/breglercissp_infographic-log4j-log4j2-activity-6876680855922712576-dRGU

Rob Fuller: https://www.linkedin.com/posts/mubix_log4shell-log4j-management-activity-6876536157119897600-nacC