{"id":44402,"date":"2021-12-13T13:13:35","date_gmt":"2021-12-13T13:13:35","guid":{"rendered":"http:\/\/23510876-ea3b-41e0-af3f-dda7f9115542"},"modified":"2021-12-13T13:13:35","modified_gmt":"2021-12-13T13:13:35","slug":"log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/","title":{"rendered":"Log4j zero-day flaw: What you need to know and how to protect yourself"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/f9844f4ba249657b416e4340c1483cd10d367503\/2021\/04\/16\/a6a75218-3366-4758-affa-493811134a0d\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" class=\"ff-og-image-inserted\"><\/div>\n<p>A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10.&nbsp; <\/p>\n<p>The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework. Since <a href=\"https:\/\/www.zdnet.com\/article\/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited\/\">last week&#8217;s alert by CERT New Zealand<\/a> that <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">CVE-2021-44228<\/a>, a remote code execution flaw in Log4j, was already being exploited in the wild, warnings have been issued by several national cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA) and the UK&#8217;s National Cyber Security Centre (NCSC).&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/log4j-rce-activity-began-on-december-1-as-botnets-start-using-vulnerability\/\">Internet infrastructure provider Cloudflare said Log4j exploits started on December 1<\/a>. &nbsp; <\/p>\n<h3> What devices and applications are at risk?&nbsp; <\/h3>\n<p>Basically any device that&#8217;s exposed to the internet is at risk if it&#8217;s running Apache Log4J, versions 2.0 to 2.14.1. NCSC <a href=\"https:\/\/www.ncsc.gov.uk\/news\/apache-log4j-vulnerability\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">notes<\/a> that Log4j version 2 (Log4j2), the affected version, is included in Apache Struts2, Solr, Druid, Flink, and Swift frameworks. &nbsp; <\/p>\n<p>Mirai, a botnet that targets all manner of internet-connected (IoT) devices, has adopted an exploit for the flaw. <a href=\"https:\/\/www.zdnet.com\/article\/log4j-rce-activity-began-on-december-1-as-botnets-start-using-vulnerability\/\">Cisco and VMware have released patches for their affected products<\/a>&nbsp;respectively.&nbsp; <\/p>\n<hr>\n<h3> Log4j flaw coverage \u2013 what you need to know now <\/h3>\n<hr>\n<p>AWS has detailed how the flaw impacts its services and said it is <a href=\"https:\/\/aws.amazon.com\/security\/security-bulletins\/AWS-2021-005\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">working on patching its services<\/a> that use Log4j and has released mitigations for services like CloudFront. &nbsp; &nbsp;&nbsp; <\/p>\n<p>Likewise, IBM <a href=\"https:\/\/www.ibm.com\/blogs\/psirt\/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">said<\/a> it is &#8220;actively responding&#8221; to the Log4j vulnerability across IBM&#8217;s own infrastructure and its products. IBM has confirmed Websphere <a href=\"https:\/\/www.ibm.com\/support\/pages\/node\/6525706\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">8.5 and 9.0 are vulnerable<\/a>.&nbsp; <\/p>\n<p>Oracle has <a href=\"https:\/\/www.oracle.com\/security-alerts\/alert-cve-2021-44228.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">issued a patch for the flaw, too<\/a>.&nbsp; <\/p>\n<section class=\"sharethrough-top placeholder\"> <\/section>\n<p>&#8220;Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible,&#8221; it said.&nbsp; <\/p>\n<h3> Necessary actions: Device discovery and patching <\/h3>\n<p>CISA&#8217;s main advice is to identify internet-facing devices running Log4j and upgrade them to version 2.15.0, or to apply the mitigations provided by vendors &#8220;immediately&#8221;. But it also recommends setting up alerts for probes or attacks on devices running Log4j. &nbsp; <\/p>\n<p>&#8220;To be clear, this vulnerability poses a severe risk,&#8221; <a href=\"https:\/\/www.cisa.gov\/news\/2021\/12\/11\/statement-cisa-director-easterly-log4j-vulnerability\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">CISA director Jen Easterly said Sunday<\/a>. &#8220;We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action.&#8221; &nbsp; <\/p>\n<p>Additional steps recommended by CISA include: enumerating any external facing devices with Log4j installed; ensuring the security operations center actions every alert with Log4j installed; and installing a web application firewall (WAF) with rules to focus on Log4j.&nbsp; <\/p>\n<p>AWS has updated its WAF rule set \u2013 AWSManagedRulesKnownBadInputsRuleSet AMR \u2013 to detect and mitigate Log4j attack attempts and scanning. It also has mitigation options that can be enabled for CloudFront, Application Load Balancer (ALB), API Gateway, and AppSync. It&#8217;s also currently updating all Amazon OpenSearch Service to the patched version of Log4j.&nbsp; <\/p>\n<p><strong>SEE: <\/strong><a href=\"http:\/\/www.zdnet.com\/topic\/a-winning-strategy-for-cybersecurity\/#link=%7B%22role%22:%22standard%22,%22href%22:%22http:\/\/www.zdnet.com\/topic\/a-winning-strategy-for-cybersecurity\/%22,%22target%22:%22_blank%22,%22absolute%22:%22%22,%22linkText%22:%22%3Cstrong%3EA%20winning%20strategy%20for%20cybersecurity%3C\/strong%3E%22%7D\"><strong>A winning strategy for cybersecurity<\/strong><\/a><strong> (ZDNet special report)<\/strong> <\/p>\n<p>NCSC <a href=\"https:\/\/www.ncsc.gov.uk\/news\/apache-log4j-vulnerability\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">recommends<\/a> updating to version 2.15.0 or later, and \u2013 where not possible \u2013 mitigating the flaw in Log4j 2.10 and later by setting system property &#8220;log4j2.formatMsgNoLookups&#8221; to &#8220;true&#8221; or removing the JndiLookup class from the classpath.&nbsp; <\/p>\n<p>Part of the challenge will be identifying software harboring the Log4j vulnerability. The Netherland&#8217;s Nationaal Cyber Security Centrum (NCSC) has posted a <a href=\"https:\/\/github.com\/NCSC-NL\/log4shell\/tree\/main\/software\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">comprehensive and sourced A-Z list on GitHub<\/a> of all affected products it is aware are either vulnerable, not vulnerable, are under investigation, or where a fix is available. The list of products illustrates how widespread the vulnerability is, spanning cloud services, developer services, security devices, mapping services, and more. &nbsp; &nbsp; <\/p>\n<p>Vendors with popular products known to be still vulnerable include Atlassian, Amazon, Microsoft Azure, Cisco, Commvault, ESRI, Exact, Fortinet, JetBrains, Nelson, Nutanix, OpenMRS, Oracle, Red Hat, Splunk, Soft, and VMware. The list is even longer when adding products where a patch has been released. &nbsp; &nbsp; <\/p>\n<p>NCCGroup has posted <a href=\"https:\/\/research.nccgroup.com\/2021\/12\/12\/log4shell-reconnaissance-and-post-exploitation-network-detection\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">several network-detection rules<\/a> to detect exploitation attempts and indicators of successful exploitation. <\/p>\n<p>Finally, Microsoft has released its set of indicators of compromise and <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/12\/11\/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">guidance for preventing attacks on Log4j vulnerability<\/a>. Examples of the post-exploitation of the flaw that Microsoft has seen include installing coin miners, Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems. &nbsp; <\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Log4j vulnerability affects everything from the cloud to developer tools and security devices. Here&#8217;s what to look for, according to the latest information.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-44402","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Log4j zero-day flaw: What you need to know and how to protect yourself 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Log4j zero-day flaw: What you need to know and how to protect yourself 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-13T13:13:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/f9844f4ba249657b416e4340c1483cd10d367503\/2021\/04\/16\/a6a75218-3366-4758-affa-493811134a0d\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Log4j zero-day flaw: What you need to know and how to protect yourself\",\"datePublished\":\"2021-12-13T13:13:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/\"},\"wordCount\":757,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/f9844f4ba249657b416e4340c1483cd10d367503\\\/2021\\\/04\\\/16\\\/a6a75218-3366-4758-affa-493811134a0d\\\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/\",\"name\":\"Log4j zero-day flaw: What you need to know and how to protect yourself 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/f9844f4ba249657b416e4340c1483cd10d367503\\\/2021\\\/04\\\/16\\\/a6a75218-3366-4758-affa-493811134a0d\\\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2021-12-13T13:13:35+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/f9844f4ba249657b416e4340c1483cd10d367503\\\/2021\\\/04\\\/16\\\/a6a75218-3366-4758-affa-493811134a0d\\\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/f9844f4ba249657b416e4340c1483cd10d367503\\\/2021\\\/04\\\/16\\\/a6a75218-3366-4758-affa-493811134a0d\\\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Log4j zero-day flaw: What you need to know and how to protect yourself\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Log4j zero-day flaw: What you need to know and how to protect yourself 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/","og_locale":"en_US","og_type":"article","og_title":"Log4j zero-day flaw: What you need to know and how to protect yourself 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-12-13T13:13:35+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/f9844f4ba249657b416e4340c1483cd10d367503\/2021\/04\/16\/a6a75218-3366-4758-affa-493811134a0d\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Log4j zero-day flaw: What you need to know and how to protect yourself","datePublished":"2021-12-13T13:13:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/"},"wordCount":757,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/f9844f4ba249657b416e4340c1483cd10d367503\/2021\/04\/16\/a6a75218-3366-4758-affa-493811134a0d\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/","url":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/","name":"Log4j zero-day flaw: What you need to know and how to protect yourself 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/f9844f4ba249657b416e4340c1483cd10d367503\/2021\/04\/16\/a6a75218-3366-4758-affa-493811134a0d\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","datePublished":"2021-12-13T13:13:35+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/f9844f4ba249657b416e4340c1483cd10d367503\/2021\/04\/16\/a6a75218-3366-4758-affa-493811134a0d\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/f9844f4ba249657b416e4340c1483cd10d367503\/2021\/04\/16\/a6a75218-3366-4758-affa-493811134a0d\/gettyimages-cyber-dude-laptops.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Log4j zero-day flaw: What you need to know and how to protect yourself"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44402","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44402"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44402\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44402"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44402"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44402"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}