13 Dec / 2021
Industry News
CVE: CVE-2021-44228
CVSS Score: 10 (Critical)
What Is Vulnerable?: Apache Log4j Version 2.15-rc1 or prior. (All version prior to 2.15-rc1 are vulnerable)
UPDATE 15/12: Latest 2.16 Patch fully disables JNDI and removes support for Message Lookups – https://logging.apache.org/log4j/2.x/download.html
What’s Happening?
A few nights ago, Alibaba’s Security team found a zero-day remote code execution vulnerability within Apache’s Log4j. Log4j is so ubiquitous even Apple and Amazon use it with their software stack. New Zealand’s CERT team warned journalists that they have seen this vulnerability exploited in the wild and there are proof of concepts available to threat actors. Log4J earned the infamous CVSS score of 10 from the National Vulnerability Database.
A favourite amongst Java developers, Log4j is an easy way to log for error checking within any environment it can be deployed in. Log4j has an extra couple of steps before logs get written to disk. It analyses incoming logs and checks for a $ character. If this $ is found, the logger knows to go in and change information. There is one pattern that is vulnerable to remote code execution. $(jndl:ldap This will perform a lookup to the LDAP server and deploy the malicious code found.
What You Can Do
Rapid7 have deployed new detection rules in InsightIDR to identify Log4j vulnerability potentially occurring:
Cythera continues to monitor all managed clients and detection capabilities we have in place will likely detect any post-exploitation activities related to this vulnerability
The Ugly Side of ISO 27001 Compliance. What Happens if You Get it Wrong?
We’re going to be candid and frank here. ISO 27001 audits, and any cybersecurity compliance audits at all, can be hard to achieve and stressfu…
Read MoreWhy Cythera partners with CrowdStrike to help customers achieve ACSC’s Essential Eight Level 1
Developed by the Australian Signals Directorate (ASD), The Essential 8 (E8) is a prioritised list of mitigation strategies designed to help Aust…
Read MoreHow to Prevent Ransomware Attacks
How to Prevent Ransomware Attacks Ransomware incidents are becoming prolific in Australia. We’re seeing an increased amount of businesses com…
Read More