Defending Against Log4j Vulnerabilities

In December 2021, a vulnerability in the open source Log4j logging service, used by developers to monitor their Java applications, first came to light, leaving many enterprises scrambling to patch affected systems.

Analysis from Microsoft has revealed details of a security flaw in SolarWinds Serv-U software, which was being exploited by malicious actors to launch attacks leveraging the Log4j bugs to compromise targets. 

Consequently, there remains a strong possibility that criminal hackers can avoid detection by staying hidden inside networks, waiting for the right moment to strike, as with the highly damaging and widespread SolarWinds exploit. In particular, the risk of concealed Log4j vulnerabilities means that effective measures are required to reduce the frequency of disruptive events and to control the degree to which they cause damage.

Up-to-date technology and cyber security tools both play a valuable role in protecting an organisation. However, management need to look at the defensive controls they have in place if they want to strengthen their cyber security and prepare for other similar persistent vulnerabilities.

Important Steps To Improve Security

Diverse Teams: Women and minority groups are heavily under-represented in the field, and that needs to change, not only to help relieve the skills shortage but also to create higher performing teams.

Outsourcing: The skills gap in cyber security has been discussed for years, but unfortunately, it’s only becoming more acute, and current predictions say there will be 3.5 million unfilled cyber security jobs by the end of 2021. Consider bringing on a managed service provider to help bolster your team.

Training: The most critical skills you need to train for are incident response and crisis management. Every employee must be vigilant and play an active role in ensuring a more secure enterprise. Provide employee cyber education training, and do not turn a blind eye to other weak links in the chain.

Technology: There is a wide range of innovative work and cyber security tools being developed that help businesses protect their infrastructure, assets, employees, and customers. But technology is not sufficient by itself - building a proactive, effective cyber security mindset among employees is equally important.

Open Source Software: Organisations should understand the extent to which they rely on open source software and tools and test them before running them in any production environment.

If there is no change to the software installed on the server, it is not necessary to run Log4j scanners to detect the presence of Log4j. However, vulnerability assessment scans should be conducted periodically as part of any vulnerability management process.
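The check described above can be sketched as follows. This is an added example, not code from the original article or from any Log4j scanner product: it fingerprints the Java archives under a directory so an unchanged server can be recognised, and reports log4j-core copies, including those nested inside WAR/EAR or fat JARs. The function names are hypothetical, and it assumes log4j-core is identifiable by its `JndiLookup` class and its Maven `pom.properties` entry.

```python
import hashlib
import io
import zipfile
from pathlib import Path

# Entries that identify log4j-core inside an archive: the JNDI lookup class and Maven metadata.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def scan_archive(data, label, findings):
    """Record log4j-core copies in one archive, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            text = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            props = dict(l.split("=", 1) for l in text.splitlines() if "=" in l)
            findings.append((label, props.get("version", "unknown").strip(), JNDI_CLASS in names))
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXT):
                scan_archive(zf.read(name), f"{label}!{name}", findings)

def scan_tree(root):
    """Return (fingerprint, findings); an unchanged fingerprint means no archive changed."""
    digest, findings = hashlib.sha256(), []
    for path in sorted(Path(root).rglob("*")):  # sorted walk keeps the fingerprint stable
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            data, rel = path.read_bytes(), path.relative_to(root).as_posix()
            digest.update(rel.encode() + b"\0" + hashlib.sha256(data).digest())
            scan_archive(data, rel, findings)
    return digest.hexdigest(), findings

def make_jar(entries):
    """Build an in-memory archive from {name: content}; used for constructed samples only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    import tempfile
    inner = make_jar({JNDI_CLASS: b"\xca\xfe\xba\xbe", POM_PROPS: "version=2.14.1\n"})  # constructed
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "app.war").write_bytes(make_jar({"WEB-INF/lib/log4j-core.jar": inner}))
        print(scan_tree(root))
```

The third field of a finding is `False` when the `JndiLookup` class is absent from that archive. Copies whose packages were relocated by a shading tool are not matched by these fixed paths, which is one reason periodic vulnerability assessment scans remain necessary.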


Sources: Microsoft, Arent Fox, Computing, VentureBeat, Flipboard, Computer Weekly, Politico, Security Boulevard
