On December 9, a new zero-day vulnerability was discovered in the widely used Java logging library Apache Log4j. This vulnerability is deemed “critical” because Log4j is widely used and this vulnerability is easily exploited. Cyber attackers are already taking advantage of this new vulnerability and are actively scanning the internet for vulnerable instances.
Tracked as CVE-2021-44228, the vulnerability is classed as severe and allows unauthenticated remote code execution as the user running the application that uses the Java logging library. Systems and services that use Apache Log4j versions 2.0 through 2.14.1 are affected, including many services and applications written in Java. Log4j is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services, so a wide range of software could be at risk from attempts to exploit the vulnerability.
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a statement on this vulnerability, calling it a “severe risk.”
Cybersecurity researchers at Sophos have warned that they've detected hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability in the days since it was publicly disclosed, along with scans searching for the vulnerability.
The vulnerability can be remediated by upgrading Log4j to version 2.15.0. However, as Log4j is a component of many packaged services and software, you may need to wait for providers to release updates to their software before the threat can be eliminated. In the meantime, organizations can mitigate the risk by deploying rules to block exploit traffic from all internet-facing services and by making sure that their detection systems are able to detect and alert on this specific vulnerability.
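Because Log4j is bundled inside other software, the first practical step is finding every copy of it on a host. The following is an added example (not NetWorks Group's or the Log4j project's own code): a small Python inventory script that walks a directory for JAR/WAR/EAR files, finds bundled copies of log4j-core (including jars nested inside a WAR), reads the version from the jar manifest or the file name, and flags the 2.0 to 2.14.1 range named above as affected. The manifest field names it relies on (`Implementation-Title`, `Implementation-Version`) and the sample archives built in `demo()` are assumptions for illustration, not real artifacts.

```python
import io, os, re, tempfile, zipfile

ARCHIVES = (".jar", ".war", ".ear")
CORE_PREFIX = "org/apache/logging/log4j/core/"  # class path present in every log4j-core jar

def parse_version(text):  # "2.14.1" or "log4j-core-2.14.1.jar" -> (2, 14, 1); None if no version found
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None

def is_affected(version):  # 2.0 .. 2.14.1 affected, 2.15.0 fixed; None = unknown, needs a manual look
    return None if version is None else (version[0] == 2 and version < (2, 15, 0))

def scan_archive(fileobj, label):  # yields (label, version) for each log4j-core copy, nested ones included
    with zipfile.ZipFile(fileobj) as zf:
        names = zf.namelist()
        if any(n.startswith(CORE_PREFIX) for n in names):
            version, base = None, os.path.basename(label.split("!")[-1])
            if "META-INF/MANIFEST.MF" in names:
                manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                if re.search(r"^Implementation-Title:.*Log4j", manifest, re.M | re.I):  # not a shaded app's manifest
                    version = parse_version("".join(re.findall(r"^Implementation-Version:\s*(\S+)", manifest, re.M)))
            if version is None and "log4j" in base.lower():  # no usable manifest: fall back to the file name
                version = parse_version(base)
            yield label, version
        for n in names:  # recurse into bundled archives such as WEB-INF/lib/*.jar inside a WAR
            if n.lower().endswith(ARCHIVES):
                yield from scan_archive(io.BytesIO(zf.read(n)), f"{label}!{n}")

def scan_tree(root):  # walks a directory tree and reports every log4j-core copy with its status
    findings = []
    for dirpath, _, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files if f.lower().endswith(ARCHIVES)):
            if zipfile.is_zipfile(path):  # skip files that only carry the extension
                for label, ver in scan_archive(path, path):
                    findings.append({"path": label, "version": ver, "affected": is_affected(ver)})
    return sorted(findings, key=lambda f: f["path"])

def demo():  # builds constructed sample archives (not real artifacts) in a temp dir and scans them
    with tempfile.TemporaryDirectory() as root:
        vuln = io.BytesIO()
        with zipfile.ZipFile(vuln, "w") as zf:  # a 2.14.1 core jar carrying log4j's own manifest ...
            zf.writestr("META-INF/MANIFEST.MF", "Implementation-Title: Apache Log4j Core\nImplementation-Version: 2.14.1\n")
            zf.writestr(CORE_PREFIX + "lookup/JndiLookup.class", b"")
        with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:  # ... bundled inside a WAR
            war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", vuln.getvalue())
        with zipfile.ZipFile(os.path.join(root, "log4j-core-2.15.0.jar"), "w") as zf:  # fixed release, no manifest
            zf.writestr(CORE_PREFIX + "lookup/JndiLookup.class", b"")
        return [(f["path"][len(root) + 1:], f["version"], f["affected"]) for f in scan_tree(root)]
```

Running `scan_tree("/opt")` on a real host lists each copy with its path (nested jars shown as `outer.war!WEB-INF/lib/inner.jar`); a copy reported with version `None` has log4j-core classes but no recognisable version and should be checked by hand.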
For customers who have infrastructure devices managed by NWG, we have taken appropriate action to update any devices vulnerable to this exploit. Palo Alto, FortiNet, and Cisco have released IPS signatures to detect and block the exploit. These signatures are automatically updated on your device within 2 hours of release.
Your vulnerability management scanner has been updated to detect this vulnerability. NWG will be running an out-of-band scan for your in-scope devices today and will alert you to any devices that are vulnerable to this threat.
Blumira is capable of detecting this exploit. If you receive any Blumira alerts related to this vulnerability, it is recommended that you take action immediately.
NetWorks Group is here to help. Click the "Let's Talk" button on our homepage and schedule time to speak with one of our security experts.