The Log4j vulnerability affects everything from the cloud to developer tools and security devices.
A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10. Part of the challenge will be identifying software harboring the Log4j vulnerability.
Vendors with popular products still vulnerable include Atlassian, Amazon, Microsoft Azure, Cisco, Commvault, ESRI, Exact, Fortinet, JetBrains, Nelson, Nutanix, OpenMRS, Oracle, Red Hat, Splunk, Soft, and VMware.
Microsoft has released its set of indicators of compromise and guidance for preventing attacks on Log4j vulnerability. Examples of the post-exploitation of the flaw that Microsoft has seen include installing coin miners, Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems.
It is used in enterprise software applications, including those custom applications developed in-house by businesses, and forms part of many cloud computing services.
Any device exposed to the internet is at risk if it’s running Apache Log4J. The vulnerability can be exploited reliably and without authentication.
What do do to mitigate the attack?
Identify devices running software harboring the Log4j vulnerability and upgrade.
Update and apply the appropriate patches provided by vendors.
Set up alerts for probes or attacks on devices running Log4j.
Keep Backups current
What can you do if this happens?
If you find your network has been compromised, immediately shut down.
Identify the breach and type of virus or malware present.
Identify any data possibly compromised or stolen and inform appropriate parties.
Rebuild the network from a known clean backup
Liam Tung, ZD Net
Log4j zero-day flaw: What you need to know and how to protect yourself | ZDNet