Log4j: The Gift That Keeps on Giving (Shells)

Posted on December 14th, 2021

 

**Update 15 December 2021: Updated guidance for Log4j updates/upgrades can be found here.

Christmas came early for some hackers while creating a nightmare scenario for defenders. CISA and its partners through Joint Cyber Defense Collaborative recently published some data regarding the vulnerability in Apache’s Log4j software.  The vulnerability, CVE-2021-44228 / “Log4Shell”, allows for a critical remote code execution (RCE) vulnerability by an unauthenticated attacker.  The Log4j software is embedded within a significant number of popular applications – including the Mars 2020 Helicopter Mission!  The prevalence and dependence on this software likely means that this vulnerability will be hanging around well after this holiday season.

CISA has responded by creating a web page for guidance as well as a community sourced repository that provides status descriptions and a software list of vendor-supplied advisories. 

CISA Log4j Vulnerability Guidance (GitHub)

BPL has a long history of providing robust cybersecurity solutions in various work environments: remote, in person, and hybrid and are prepared to address this recent vulnerability. We have been hard at work ensuring our customers are secure while doing what we do best to build, protect, and learn from this recent incident.

Whether you have been affected, or are not sure if you have been, we can help. Reach out to us today to help you respond.