Defending Against Log4j Vulnerabilities

In December 2021, a vulnerability in the open source Log4j logging service, used by developers to monitor their Java applications, first came to light, leaving many enterprises scrambling to patch affected systems.

Analysis from Microsoft has revealed details of a security flaw in SolarWinds Serv-U software, which was being exploited by malicious actors to launch attacks leveraging the Log4j bugs to compromise targets. 

Consequently, there remains a strong possibility that criminal hackers can avoid detection by staying hidden inside networks, waiting for the right moment to strike, as with the highly damaging and widespread SolarWinds exploit. In particular, the risk of concealed Log4j vulnerabilities means that effective measures are required to reduce the frequency of disruptive events and to control the degree to which they cause damage.

Up-to-date technology and cyber security tools both play a valuable role in protecting an organisation. However, management needs to look at the defensive controls it has in place if it wants to strengthen cyber security and prepare for other similar persistent vulnerabilities.

Important Steps To Improve Security

Diverse Teams: Women and minority groups are heavily under-represented in the field, and that needs to change, not only to help relieve the skills shortage but also to create higher performing teams.

Outsourcing: The skills gap in cyber security has been discussed for years, but unfortunately it is only becoming more acute, and current predictions say there will be 3.5 million unfilled cyber security jobs by the end of 2021. Consider bringing on a managed service provider to help bolster your team.

Training: The most critical skills you need to train for are incident response and crisis management. Every employee must be vigilant and play an active role in ensuring a more secure enterprise. Provide employee cyber education training, and do not turn a blind eye to other weak links in the chain.

Technology: There is a wide range of innovative work and cyber security tools being developed that help businesses protect their infrastructure, assets, employees, and customers. But technology is not sufficient by itself: building a proactive, effective cyber security mindset among employees is equally important.

Open Source Software: Organisations should understand the extent to which they rely on open source software and tools and test them before running them on any production environment.

If there is no change to the software installed on the server, it is not necessary to run Log4j scanners to detect the presence of Log4j. However, vulnerability assessment scans should be conducted periodically as part of any vulnerability management process.
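As an added example (not part of the original article and not any vendor's scanner), the following Python shows one way to apply this: fingerprint the installed Java archives and rescan only those that are new or changed. It assumes presence is detected by the `JndiLookup.class` entry that log4j-core ships; the function names are illustrative.

```python
import hashlib
import io
import os
import zipfile

# Class shipped inside log4j-core; its presence marks an archive that bundles Log4j 2 core.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear")


def scan_archive(data, label):
    """Return labels of archives (nested ones included) that contain JndiLookup.class."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name == JNDI_LOOKUP:
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_EXTS):
                    # Fat JARs and WARs embed libraries as nested archives.
                    hits += scan_archive(zf.read(name), f"{label}!{name}")
    except zipfile.BadZipFile:
        pass  # not a readable archive; skip it
    return hits


def inventory(root):
    """Map each archive path under root to the SHA-256 of its contents."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    result[path] = hashlib.sha256(fh.read()).hexdigest()
    return result


def scan_if_changed(root, previous):
    """Rescan only archives that are new or whose hash differs from `previous`."""
    current = inventory(root)
    hits = []
    for path, digest in sorted(current.items()):
        if previous.get(path) != digest:
            with open(path, "rb") as fh:
                hits += scan_archive(fh.read(), path)
    return current, hits
```

A hit indicates that Log4j core is present, not that the bundled version is vulnerable. Findings for unchanged archives are not re-reported, so the caller should retain earlier results alongside the saved inventory.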


Sources: Microsoft, Arent Fox, Computing, VentureBeat, Flipboard, Computer Weekly, Politico, Security Boulevard
