NWG Security Alert - Log4j Vulnerability

Serious Log4j Security Flaw Puts The Entire Internet At Risk, Even iCloud  And Steam | HotHardware

Log4j Critical Vulnerability


On December 9, a new zero-day vulnerability was discovered in the widely used Java logging library Apache Log4j. This vulnerability is deemed “critical” because Log4j is widely used and this vulnerability is easily exploited. Cyber attackers are already taking advantage of this new vulnerability and are actively scanning the internet for vulnerable instances.

What you Need to Know

Tracked as CVE-2021-44228, the vulnerability is classed as severe and allows unauthenticated remote code execution as the user running the application utilizing the Java logging library. Systems and services that use the Java logging library, Apache Log4j between versions 2.0 and 2.14.1 are all affected, including many services and applications written in Java. Log4j is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services, meaning that there's a wide range of software that could be at risk from attempts to exploit the vulnerability.


The US Cybersecurity and Infrastructure Security Agency (CISA) has released a statement on this vulnerability, calling it a “severe risk.”


Cybersecurity researchers at Sophos have warned that they've detected hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability in the days since it was publicly disclosed, along with scans searching for the vulnerability.

Mitigation and Remediation

The vulnerability can be remediated by an upgrade of Log4j to version 2.15.0. However, as Log4j is a component of many packaged services and software, you may need to wait for providers to release updates to their software before the threat can be eliminated. In the meantime, organizations can mitigate by deploying rules to block exploit traffic from all internet-facing services and make sure that their detection systems are able to detect and alert on this specific vulnerability.

NWG Manage Customers

For customers who have infrastructure devices managed by NWG,we have taken appropriate action to update any devices vulnerable to this exploit. Palo Alto, FortiNet, and Cisco have released IPS signatures to detect and block the exploit. These signatures are automatically updated to your device within 2 hours of release.

NWG Vulnerability Management (VMP) Customers

Your vulnerability management scanner has been updated to detect this vulnerability. NWG will be running an out-of-band scan for your in-scope devices today and will alert you to any devices that are vulnerable to this threat.

NWG Blumira Customers

Blumira is capable of detecting this exploit. If you receive any Blumira alerts related to this vulnerability, it is recommended that you take action immediately.

Questions?

NetWorks Group is here to help. Click the "Let's Talk" button on our homepage and schedule time to speak with one of our security experts.

Stay in touch. Never miss a security update from the team.

Security news, tips, webinars, and more straight to your inbox.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.