Attackers are actively exploiting a remote code execution vulnerability found in the logging package log4j2 which is used in most Java applications. A program is vulnerable if it logs user input using the log4j2 package: the most popular logging solution used within Java. Since developers tend to log almost everything for debugging purposes, almost all applications will log user input.
All an attacker has to do is send a single line of text to a vulnerable application. Once the application logs this line of text, the payload inside the text will be retrieved by the system and executed. The attacker will be able to remotely execute code on the computer hosting the application. There are already multiple proof of concepts of the attack available on the internet. The vulnerability doesn't only affect systems directly connected to the internet, but also backend systems. If attackers attempt to exploit the vulnerability on web servers, it's possible that this exploit will end up at backend servers. If any of these backend servers contain a vulnerable Java application processing user input it could result in an attacker executing code on your backend servers.
All versions starting from 2.0-beta9 till 2.15 of the package log4j2 are vulnerable. log4j versions 1.x aren't vulnerable, but have reached end of life since August 2015 and should therefore not be considered as safe.
- Update log4j2 to version 2.17.0 or higher (requires access and restart). Versions for older Java versions (6 or 7) are available on the Apache.org website.
If you cannot update your log4j2 library, there are some mitigation options available. The Apache.org website has a list here.
This vulnerability may affect you in several areas. Products you use may be affected, but also applications developed internally and SaaS applications in the cloud. Most major SaaS vendors have taken appropriate measures by now.
Hundreds of products are vulnerable to the Log4Shell vulnerability. Affected vendors include FortiNet, Dell, Apache, Microsoft, N-Able and VMware. The National Cyber Security Centre (NCSC) of the Netherlands has published a list of all the affected software. Use this list to determine if your organisation is using any vulnerable software, and if so, ensure to update it as soon as an update is made available.
If your company (or one of your IT suppliers) develops custom Java software, such as web applications, check if log4j2 is used within the product. If so, the version of log4j2 should be updated to the latest version.
Microsoft Teams Chat is being exploited for phishing attacks. In this blog, we share why Microsoft Teams Chat is being targeted, how to respond to and mitigate these cyber attacks and how your IT team can prevent similar cyber attacks from happening in the future.
Entrepreneurship is inherently associated with taking risks, and the digital world is full of them. Learn what is Risk Intelligence and how can it help protect your business.
Our blog series showcases specific hunts, including identifying unnecessary RDP access, monitoring Bitlocker usage for ransomware attacks, and exploring the impact of malicious advertisements.
Employee absenteeism is rising among IT managers and employees, as are burnout rates in this professional category. So how can we bring cybersecurity to management's attention and take the proper measures?