Log4j Vulnerability Requires Immediate Acti …
If your organization hasn’t yet upgraded to log4j version 2.15.0, or followed the recommendations given by software vendors, it’s vital to do so immediately, according to a statement issued by Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency (CISA) for the Department of Homeland Security.
Log4j, which was officially uncovered on December 9, 2021, is a vulnerability in the Apache Log4j Java logging library, according to a security advisory from Cisco. CVE-2021-44228, a remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as “Log4Shell.”
In its efforts to get ahead of this zero-day vulnerability, CISA is working with public and private sector partners to determine the impact of the exploits, which is now being widely used by a variety of bad actors, according to the statement. Easterly called on vendors to stay on top of the patches and update their users with required updates.
“To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action.”
CISA recommends asset owners take three additional, immediate steps regarding this vulnerability:
1. Enumerate any external facing devices that have log4j installed.
2. Make sure that your security operations center is actioning every single alert on the devices that fall into the category above.
3. Install a web application firewall (WAF) with rules that automatically update so that your SOC is able to concentrate on fewer alerts.
While experts are still weighing the impact of the Log4j zero-day vulnerability, its worth considering that even if an organization doesn’t use java, it’s likely that a vendor, cloud host or web server provider does, according to CISO Naomi Buckwalter, a long-time member of the Data Connectors cybersecurity community.
One of the biggest issues with log4j is that the exploit is extremely simple and doesn’t take an experienced hacker to execute, she wrote in a LinkedIn post.
“This exploit is not only publicly known, the barrier to entry is LOW. Anyone, including your 5yo playing Minecraft, can use this exploit. It’s as simple as typing in a few characters into a chat box,” Buckwalter wrote.
“Go through EVERY app, website, and system that you own/use that talks to the internet. This includes self-hosted installs of vendor products and cloud-based services. Focus on systems that are internet-facing that contain sensitive data, secrets, etc. Focus on older ‘legacy’ vendors,” she wrote.
One important thing to consider, according to Buckwalter, is that home routers are susceptible to this vulnerability, so its important for IT teams to help their members who are working from home.
Bloomberg News reported that the vulnerability was initially found by an Alibaba software developer in late November and reported to Apache. The developer’s organization, Alibaba Cloud, has been suspended from an information sharing partnership by regulators for six months for reporting the issue to Apache prior to reporting it to the Chinese Ministry of Industry and Information Technology, according to reports from ZDNet.
Recent news posts
What the Crypto Crash Means for Cyber Crime
Scaling, Improving and Automating Your GRC Strategy
CISA Issues Emergency Directive 22-03, Encourages VMware Updates
Cyber Fraud Task Force: Weekly News Update
Cloud Computing, Data Protection Top List of In-Demand Skills: ISACA Annual Report
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.