Attackers are actively exploiting a remote code execution vulnerability in log4j2, the logging package used in most Java applications. A program is vulnerable if it logs user input using log4j2, the most widely used logging library in the Java ecosystem. Since developers tend to log almost everything for debugging purposes, nearly every application will log user input at some point.
All an attacker has to do is send a single line of text to a vulnerable application. Once the application logs that line, the vulnerable application itself resolves the reference embedded in the text, fetches the payload and executes it, giving the attacker remote code execution on the machine hosting the application. Multiple proofs of concept for the attack are already available on the internet. The vulnerability does not only affect systems directly connected to the internet, but also backend systems: a malicious string sent to an internet-facing web server may be passed along to backend servers, and if any of those run a vulnerable Java application that processes the user input, an attacker can end up executing code on your backend servers.
All versions of log4j2 from 2.0-beta9 through 2.15 are vulnerable. Log4j 1.x is not vulnerable to this flaw, but it reached end of life in August 2015 and should therefore not be considered safe.
- Update log4j2 to version 2.17.0 or higher (requires access to the system and a restart of the application). Builds for older Java versions (6 or 7) are available on the Apache.org website.
If you cannot update your log4j2 library, there are some mitigation options available. The Apache.org website has a list here.
This vulnerability may affect you in several areas. Products you use may be affected, as may applications developed internally and SaaS applications in the cloud. Most major SaaS vendors have taken appropriate measures by now.
Hundreds of products are vulnerable to the Log4Shell vulnerability. Affected vendors include Fortinet, Dell, Apache, Microsoft, N-able and VMware. The National Cyber Security Centre (NCSC) of the Netherlands has published a list of all the affected software. Use this list to determine whether your organisation is using any vulnerable software and, if so, make sure it is updated as soon as an update becomes available.
If your company (or one of your IT suppliers) develops custom Java software, such as web applications, check whether log4j2 is used in the product and, if so, update log4j2 to the latest version.
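One way to do that check on a deployed application, as an added example that is not part of the original article: inspect each jar/war/ear, descend into nested archives (WARs and fat jars bundle their dependencies), read the version Maven stamps into log4j-core's pom.properties, and flag anything below the 2.17.0 floor recommended above. It assumes a Maven-built log4j-core whose pom.properties has not been relocated by shading, and it applies the 2.17.0 floor only, so the separate Java 6/7 builds need their own threshold; the WAR it scans is constructed inline.

```python
import io
import re
import zipfile

FIXED = (2, 17, 0, 1)  # 2.17.0 final release: the update floor the advisory recommends (2.x line only)
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"  # Maven stamps this into log4j-core

def parse_version(text):
    """'2.14.1' -> (2,14,1,1); '2.0-beta9' -> (2,0,0,0): pre-releases sort before the final release."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(\w+))?$", text.strip())
    if not m:
        return None
    major, minor, patch, tag = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if tag else 1)

def needs_update(version):
    """True when the version is below 2.17.0; an unparsable version is reported as needing review."""
    parsed = parse_version(version)
    return parsed is None or parsed < FIXED

def find_log4j_core(archive_bytes, path):
    """Return [(location, version)] for every log4j-core inside a jar/war/ear, recursing into nested archives."""
    found = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(POM):
                props = dict(line.split("=", 1) for line in zf.read(name).decode().splitlines()
                             if "=" in line and not line.startswith("#"))
                found.append((path, props.get("version", "").strip()))
            elif name.endswith((".jar", ".war", ".ear")):  # nested archive: look inside it as well
                found.extend(find_log4j_core(zf.read(name), path + "!" + name))
    return found

def audit(archive_bytes, path):
    """Pair every log4j-core found with its update verdict: [(location, version, needs_update)]."""
    return [(loc, ver, needs_update(ver)) for loc, ver in find_log4j_core(archive_bytes, path)]

def make_archive(entries):
    """Build a zip in memory from {name: bytes}; used only to construct the sample input below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample (not a real artifact): a WAR bundling log4j-core 2.14.1 under WEB-INF/lib.
SAMPLE_WAR = make_archive({"WEB-INF/lib/log4j-core-2.14.1.jar": make_archive(
    {POM: b"#Generated by Maven\nversion=2.14.1\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n"})})

if __name__ == "__main__":
    for loc, ver, bad in audit(SAMPLE_WAR, "app.war"):
        print(f"{loc}: log4j-core {ver} -> {'UPDATE' if bad else 'ok'}")
```

To cover a whole deployment, feed `audit()` the bytes of every .jar, .war and .ear that `os.walk()` finds under the application directory; an empty result means no Maven-stamped log4j-core was found, not that none is present.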