Published: December 13, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
It’s all the rage today and it's not just a current trend. If you work in information technology, anywhere in the world, forget about holiday cheer and put a hold on the online shopping. It’s time to patch your servers. CISA issued a warning about a critical and potentially very dangerous zero-day vulnerability affecting Apache web servers. Some are calling it the worst computer vulnerability seen in many years. The even worse news is that it’s being actively exploited and could allow the attackers to take control of any device it infiltrates. It was first noticed in the game Minecraft, owned by Microsoft and played by millions of people, many of them children. It’s time to scramble to patch those systems. And that’s the good news. There is a patch.
The vulnerability, being called “Log4Shell,” was reported to the Apache Software Foundation, which oversees the development of the software, by the Chinese firm Alibaba. The Apache group immediately started working on a fix, so now it’s available to all who use Apache…and there is a long list that includes Amazon, Apple, and Twitter.
While end users will need to rely on their vendors to take care of this issue, vendors should also be letting users know what they are doing to resolve it. CISA provides other suggestions for organizations to follow while they work on applying the patch to their systems:
Determine any external-facing devices that have Log4Shell installed.
Make sure that the security operations center is noting every single alert on the devices that fall into the category above.
Install a web application firewall (WAF) with rules that automatically update so that your security personnel are able to concentrate on fewer alerts.
The updated version of log4j is version 2.15.0 and should be installed with the utmost priority. This is not to be taken lightly, but should be bumped to the top of the IT or cybersecurity department’s priority list. Proof of concept code has been published and is being used as you read this. More information can be found by referring to CVE-2021-44228 or checking the Apache advisory.
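As an added example (not code from CISA, Apache, or this newsletter), here is one way to carry out the inventory step on a host you administer: walk a directory and report every copy of the log4j-core library older than the 2.15.0 release named above. It assumes the library ships as a JAR, possibly nested inside a WAR, EAR or fat JAR, with the usual Maven metadata file; the function names are hypothetical.

```python
import io, os, re, sys, zipfile

FIXED = (2, 15, 0)  # patched log4j release named in the article
# Assumption: standard Maven metadata path carried inside log4j-core JARs.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?")
VER_RE = re.compile(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", re.M)
ARCHIVES = (".jar", ".war", ".ear")

def _version(match):
    return tuple(int(g or 0) for g in match.groups()) if match else None

def scan_archive(data, label, depth=0, max_depth=4):
    """Return [(location, version, needs_patch)] for each log4j-core copy in the archive bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive; skip rather than abort the sweep
    findings = []
    with zf:
        names = zf.namelist()
        # Prefer the Maven metadata inside the JAR; fall back to the file name.
        if POM in names:
            ver = _version(VER_RE.search(zf.read(POM).decode("utf-8", "replace")))
        else:
            ver = _version(NAME_RE.search(os.path.basename(label.split("!")[-1])))
        if ver:
            findings.append((label, ver, ver[0] == 2 and ver < FIXED))
        if depth < max_depth:  # bounded recursion into WAR/EAR/fat-JAR contents
            for name in names:
                if name.lower().endswith(ARCHIVES):
                    findings += scan_archive(zf.read(name), f"{label}!{name}", depth + 1, max_depth)
    return findings

def scan_tree(root):
    """Walk a directory and scan every Java archive found under it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    findings += scan_archive(fh.read(), path)
    return findings

if __name__ == "__main__":
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("NEEDS PATCH" if bad else "ok", ".".join(map(str, ver)), loc)
```

Run it with an application or install directory as the argument; a nested hit is reported as outer archive, then `!`, then the inner path.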