The vulnerability itself is somewhat trivial to exploit and extremely prevalent. Log4j has been used in a significant number of commercial products as well as in-house systems across thousands of enterprises. The vulnerability allows an attacker to send a specially crafted log message that executes arbitrary code on your systems. This could result in ransomware, cryptominers, data exfiltration and a plethora of other major issues.
To add fuel to the fire, organisations that have patched to the versions recommended for the original vulnerability may still not be fully protected against other, albeit less severe, issues. We therefore recommend reviewing your assets further and ensuring, where possible, that you are fully patched to version 2.17 of Log4j or have taken other mitigation steps.
Unfortunately, we're still encountering a lot of businesses that fall into the following categories:
Believing they aren't affected without carrying out any kind of assessment or review.
Being unaware of the original or subsequent issues.
Having incomplete asset registers and having missed critical, vulnerable devices and services.
If any of the above applies to you, then we strongly recommend speaking with your IT team or Managed Service Provider about fully testing and remediating your environment, and potentially undertaking activities that assume you have been breached.
Once again, this issue highlights the need for comprehensive asset management to allow for rapid remediation. We've been assisting businesses with this process throughout, but the time to ensure you have an updated and comprehensive asset register is never in the middle of an incident.
CISA have collated a list of known affected vendors here
Thinkst Canary have released a free CanaryToken that can trigger an alert when inserted into vulnerable inputs
The CERT Coordination Center have made their scanner publicly available
There's a Burp extension to assist with scanning (by browsing your sites in Burp)
We've found this Log4Shell detector to be efficient at reviewing logs
If you need further assistance, or aren't sure what the next steps should be for your business, then please get in touch