Happy Monday everyone! At least, I hope it's a happy Monday. For most of you, you are deeply concerned about the news around the Log4j crisis over the weekend. And, for many of you, you have been deep in attempting to figure out how much of your environment is exposed to this zero-day exploit.

As you know, this newsletter delivers bi-weekly on Fridays - except that, as noted last issue, the newsletter would not deliver until the new year due to the holidays and my taking time off to spend time with family and friends.

So, this newsletter issue is definitely an out-of-band experience. But with the ongoing effort to identify and control the Log4j outbreak, I believe it’s important to deliver this newsletter now instead of waiting until January 7th.

There’s still a lot of awesome, accumulated and curated content in this newsletter issue below, but the focus here is more about getting all of you the necessary information about how to deal with Log4j with Microsoft Defender for Cloud.

...

Our own guidance

Microsoft security teams have put together the following guidance and resources to help customers understand this vulnerability and to help detect and hunt for exploits:

- Microsoft Security blog describing the nature of current attacks Microsoft is observing. The blog also contains guidance on how to use Microsoft security products to detect and hunt for malicious activity, and apply protections: Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation
- RiskIQ (acquired by Microsoft in August 2021) published a threat intelligence article to the community portal with information about the vulnerability and exploitation of it, as well as detections and mitigations: CVE-2021-44228 Apache Log4j Remote Code Execution Vulnerability
- Microsoft 365 Defender threat analytics article with detection information and potential impacts to customer environments: Threat Insights: CVE-2021-44228 Log4j active exploitation (sign-in is required)

And, Melvyn Mildiner, Senior Content Developer at Microsoft, has just posted a great explanation of how Defender for Cloud works to help customers identify Log4j: How Defender for Cloud finds machines affected by Log4j vulnerabilities

...

Not sure what Log4j is?

In its simplest terms, a zero-day vulnerability in Log4j (also now known as “Log4Shell”) can allow unauthenticated remote code execution and access to servers. Researchers have reported that there are 100 attempts to exploit this vulnerability a minute, leading to hundreds of thousands of attempts since it was discovered just a few days ago - but that it has probably been an active exploit for some time before it was publicly disclosed.

NewScientist explains it this way…

Almost every bit of software you use will keep records of errors and other important events, known as logs. Rather than creating their own logging system, many software developers use the open source Log4j, making it one of the most common logging packages in the world. Not having to reinvent the wheel is a huge benefit, but the popularity of Log4j has now become a global security headache. The flaw affects millions of pieces of software, running on millions of machines, which we all interact with.

Read the rest: Log4j software bug is ‘severe risk’ to the entire internet

...

As noted last issue, I’m taking time off for the holidays and this newsletter will return in force in January, but I thought - with everything going on - it was appropriate to send this out-of-band edition.

The rest of this newsletter issue is the normal fare.

Talk soon.

-Rod
Microsoft Defender for Cloud Wrap - Issue #9…