1. Introduction In the past several days, a serious Log4j vulnerability ( CVE-2021-44228 ,  CVE-2021-45046 ) has nearly led to a perfect storm in the Internet world. As a widely used Java logging utility with an easily exploitable vulnerability, Log4j has no doubt made IT professionals and companies nervous and many questions have been raised – What is this vulnerability? How can I know if our system is vulnerable? Has my IT infrastructure already been breached? What can I do to prevent future attacks leveraging this vulnerability? At  Stellar Cyber , we have been closely monitoring the situation, and we are here to provide our takeaways and advice to our current and prospective customers and partners as they navigate through the uncertainties brought by this Log4j vulnerability. 2. Impact and Mitigation According to  CVE-2021-44228 , any Apache Log4j2 prior to v2.15.0 is affected by the vulnerability due to an unchecked string interpolation with  Java Naming ...