www.coretek.com
Open in
urlscan Pro
70.38.42.203
Public Scan
URL:
https://www.coretek.com/blog/mitigate-apache-log4j
Submission: On February 18 via manual from US — Scanned from CA
Submission: On February 18 via manual from US — Scanned from CA
Form analysis
0 forms found in the DOMText Content
This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again. Accept Decline AMS * Commercial * Government Toggle navigation * Search * Solutions * Smart Cloud * Smart Workspace * Smart Enterprise * Smart Managed Services * Partners * Resources * Events * Videos * News * Blog * Case Studies * Industry * Healthcare * SaaS * Manufacturing & Automotive * Retail * Offers * Security Assessment * Windows 365 Jump Start * App Modernization Assessment * Microsoft Endpoint Management Quick Start * Modern Data Warehouse Workshop * View All Offers * About * About Coretek * Air Tight Guarantee * Why Azure With Coretek * Awards * Coretek Cares * Careers * Contact AMS Login * Commercial * Government Search Home / Resources / Blog / How to Mitigate Your Risk from Apache Log4j HOW TO MITIGATE YOUR RISK FROM APACHE LOG4J Dec 16, 2021 ONGOING ADVISORY UPDATES 2021-12-17 Coretek continues to monitor the Apache Log4j vulnerability and will continue to work with our customers to mitigate the risk revolving around this exploit. Although information about this vulnerability may continue to evolve, Coretek will stay up to date with the latest information from reliable sources (linked below) as it is released. The breadth of impact the Apache Log4j vulnerability can have on exploited systems is substantial, and Coretek will continue to provide updates to Coretek customers on an ongoing basis. THREAT SUMMARY Since the Apache Log4j (or Log4Shell) began circulating on December 9, 2021, The breadth of impact the Apache Log4j vulnerability can have on exploited systems is substantial. Apache Log4j, also known as Log4Shell, is a Java-based logging library embedded in many software products like Amazon, Broadcom, Cisco, Cloudera, Splunk, and VMware, for example, that Coretek Customers may use daily. This RCE vulnerability creates a conducive opportunity for a possible attack that hackers can use to exploit a remote code execution, which can run arbitrary code on a targeted machine or system. This type of attack on public-facing systems can deploy various malware, ranging from Crypto Miners to Trojan Backdoors and Ransomware payloads within the system that is running the vulnerable software. This vulnerability is tracked as CVE-2021-44228, and is an unauthenticated RCE vulnerability allowing a complete system takeover on systems with Log4j 2.0-beta9 up to 2.14.1. Apache addressed the exploit with the release of Log4j 2.15.0; however, researchers discovered CVE-2021-45046 on December 14, 2021, in Log4j 2.15.0 that could result in a denial of service (DoS) attack in some non-default configurations. We recommend updating to Log4j version 2.16.0 to remediate both CVE-2021-44228 and CVE-2021-45046. WHAT CORETEK IS DOING FOR CUSTOMERS Coretek is actively running scans for this exploit for all customers with vulnerability scanning agreements in place. Additionally, Coretek is reviewing and patching the software that is managed on their behalf when feasible. CORETEK RECOMMENDATIONS MONITOR SOFTWARE VENDOR SECURITY PATCH ADVISORIES FOR LOG4J Vendors are reviewing their tools and releasing vendor-specific patches as they become available. Coretek strongly advises that you: * Monitor software vendor security advisories * Cross-reference several sources for accuracy * Address these vulnerabilities and any related vulnerabilities identified after this content is published for remediation The Cybersecurity and Infrastructure Security Agency (CISA) uses the GitHub community-sourced repository to centralize publicly available vendor advisories. Please note that this list may not be comprehensive and will continue to be updated as new information is made available. CONDUCT VULNERABILITY SCANS & UTILIZE SCRIPTING If you are unsure if your company is running Log4j in your environment, Coretek recommends conducting privileged vulnerability scans (Credentialed or Agent) to assess the level of risk of this exploit to your environment. Additionally, we recommend tracking some of the latest versions of scripts being released to find Log4j that vulnerability and inventory scanners may have missed. REMOVE LOG4J FROM THE VULNERABLE DEVICE(S) Verify if the software is needed by another application. If Log4j is not needed, uninstall it. It is possible that servers may be hosting software that is no longer needed. Removing unneeded software will protect the device from this and any future vulnerabilities related to Log4j. PATCH VULNERABLE SOFTWARE Coretek advises customers running older versions of Log4j in their environment (where Coretek does not manage the application) to upgrade to the current patched version, as more bugs are being discovered. Please note that Operating System (OS) or system-level patches may or may not update Log4j, so verify that the applications that use Log4j are updated to use the most current library. ENHANCE NETWORK SECURITY Ensure your perimeter firewalls have the latest signatures for blocking the known Indicators of Compromise (IOCs) for attacks against Log4j. Because of the amount of attack traffic, due diligence is warranted to verify that all systems are protected. Confirm that you have adequate network security by enrolling in detection and response platforms with monitoring. Most importantly, be sure your incident response plans and remediation/recovery plans are updated and ready for action in case of an issue. UPDATE YOUR DETECTION AND RESPONSE PLATFORM Coretek recommends updating your detection and response platform to ensure detection of real-time Indicators of Compromise and Indicators of Attack (IOCs/IOAs) of a compromised system if something is missed during the scans. REFERENCES & ADDITIONAL RESOURCES If you are a Coretek customer, and have questions about Coretek remediation actions or your support agreements, or are a visitor who would like more information, please get in touch here. Apache Log4j Security Vulnerabilities Arctic Wolf - Important Update on Critical Log4j Vulnerability - CVE-2021-44228 Bleeping Computer - New zero-day exploit for Log4j Java library is an enterprise nightmare Bleeping Computer - All Log4j, logback bugs we know so far and why you MUST ditch 2.15 Broadcom - Apache Log4j Zero-Day Being Exploited in the Wild CISA - Apache Log4j Vulnerability Guidance NIST NVD CVE-2021-44228 Detail Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 GitHub - cisagov / log4j-affected-db Splunk - Log4Shell - Detecting Log4j Vulnerability (CVE-2021-44228) Continued VMware - VMSA-2021-0028 & Log4j: What You Need to Know -------------------------------------------------------------------------------- Address 34900 Grand River Avenue, Farmington Hills, MI 48335 844-4CORETEK (844-426-7383) 844-4CORETEK (844-426-7383) Privacy Policy Copyright © 2022 Coretek Services | Website by NYN Web+Marketing | Powered by Web OS Warning It appears that your web browser has an option called "Enable JavaScript" disabled. This means that certain pages on our website will not function properly for you. Enabling JavaScript on your browser will be slightly different depending on what browser you use. Below are some links to browser-specific documentation about enabling JavaScript. Please click here when you've finished enabling it. Mozilla (Firefox) Users: click here Internet Explorer Users: click here — Coretek Services Attention Ok