News item | 13-12-2021 | 19:43
The yesterday published github list with applications vulnerable as a result of the serious vulnerability in Log4j appears to be one of the most complete lists internationally. The pages about IoCs and scanning and mitigation tools already contain a lot of useful information. We are of course proud of this and thank everyone who contributed to it. We call on you to continue to share additional information.
–
The nature of the Log4j vulnerability makes it complex for the NCSC to gain insight into abuse of the vulnerability. Limited active abuse has been observed in the Netherlands. The NCSC considers it conceivable that misuse can lead to major consequential damage. The NCSC calls on organizations to prepare for abuse. For this reason, we have also adjusted the action perspective.
–