In August 2021, the article “Observability in 5 minutes” said: “Cybersecurity, as we discussed last time, will dominate news headlines in the coming months. As such, along with adding context to collected telemetry data, security will emerge as an instrumental component of observability.”
Over the past year, some of the observability software vendors listed in that article have developed sophisticated security observability solutions. Nevertheless, your arsenal against cyberattacks and vulnerabilities should not stop there.
In addition to security observability, organizations should implement Denial of Service (DoS) and Web Application Firewall (WAF) protection, proactive scanning and other best practices. These include an audit of applications and infrastructure, VPN-capable network security firewalls (locking down IPs/ports), security keys, multi-factor authentication, auto-updates, end-to-end encryption, remote backups and incident response plans. With the emergence of recent exploits, we will be focusing on noteworthy solutions, tools and resources specific to the Log4j vulnerabilities.
Log4j Zero-Day Vulnerability (Log4shell)
On December 9, 2021, the Alibaba Cloud Security Team published a zero-day vulnerability involving arbitrary code execution in Log4j, which was given the name “Log4Shell”. Tenable has characterized it as “the single biggest, most critical vulnerability of the last decade”. The Apache Software Foundation (ASF) released a security advisory on the remote code execution vulnerability (CVE-2021-44228) affecting its Log4j Java-based logging utility. The vulnerability was rated critical severity and assigned a CVSS score of 10/10 by MITRE.
Shortly after that, attackers began exploiting the Log4j vulnerability, prompting government cybersecurity institutions worldwide, including the United States Cybersecurity and Infrastructure Security Agency (CISA), Austria’s Computer Emergency Response Team (CERT), National Cyber Security Center (NCSC) of the Netherlands, UK’s NCSC and others to issue alerts advising organizations to patch their systems immediately.
In the last few days, several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed in Log4j v2.15.0: CVE-2021-45046, a DoS/RCE flaw fixed in v2.16.0; CVE-2021-45105, a DoS hole plugged in v2.17.0; and CVE-2021-4104, an RCE vulnerability affecting Log4j v1.2.
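As an added example, not taken from this article or from any of the tools it lists, the following Python scanner walks a directory tree, reads the log4j-core version from each jar's Maven pom.properties file, and reports which of the CVEs named above still apply to that version, using the fixed-in versions stated here (2.15.0, 2.16.0, 2.17.0 for the 2.x line; CVE-2021-4104 for the 1.2 line). The directory layout, jar names and jar contents in the demo are constructed fixtures built in a temporary directory.

```python
"""Added example: locate log4j-core jars on disk and map their version to the
CVEs listed in the article. Fixture jars and paths are constructed here."""
import os
import re
import tempfile
import zipfile

# Fixed-in versions as stated in the article (2.x line only). Comparison uses
# version tuples, so (2, 14, 1) < (2, 15, 0) is "still affected".
LOG4J2_CVES = {
    "CVE-2021-44228": (2, 15, 0),
    "CVE-2021-45046": (2, 16, 0),
    "CVE-2021-45105": (2, 17, 0),
}

# Standard Maven metadata path inside an unshaded log4j-core jar.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); missing patch number becomes 0; None if unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def version_from_jar(path):
    """Return the log4j-core version tuple from a jar, or None if the jar is
    not log4j-core (no pom.properties at the Maven path) or is not a zip."""
    try:
        with zipfile.ZipFile(path) as zf:
            if POM_PROPS not in zf.namelist():
                return None
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return parse_version(line.split("=", 1)[1])
    except zipfile.BadZipFile:
        return None
    return None


def applicable_cves(version):
    """CVEs from the article that the given log4j-core version is still exposed to."""
    if version[0] == 1:
        # The article states CVE-2021-4104 affects Log4j 1.2; other 1.x not assessed.
        return ["CVE-2021-4104"] if version[:2] == (1, 2) else []
    return [cve for cve, fixed in LOG4J2_CVES.items() if version < fixed]


def scan_tree(root):
    """Walk root and return {jar_path: (version_tuple, [cve, ...])} for every
    jar identified as log4j-core."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            version = version_from_jar(path)
            if version is not None:
                findings[path] = (version, applicable_cves(version))
    return findings


def make_sample_jar(path, version):
    """Constructed fixture: a minimal jar containing only the pom.properties."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\n"
                               "artifactId=log4j-core\n"
                               f"version={version}\n")


def demo():
    """Build a constructed tree of sample jars, scan it, and return results
    keyed by path relative to the temporary root (forward slashes)."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    os.makedirs(os.path.join(root, "app", "lib"))
    make_sample_jar(os.path.join(root, "app", "lib", "log4j-core-2.14.1.jar"), "2.14.1")
    make_sample_jar(os.path.join(root, "app", "lib", "log4j-core-2.16.0.jar"), "2.16.0")
    make_sample_jar(os.path.join(root, "log4j-core-2.17.0.jar"), "2.17.0")
    return {os.path.relpath(p, root).replace(os.sep, "/"): v
            for p, v in scan_tree(root).items()}


if __name__ == "__main__":
    for path, (version, cves) in sorted(demo().items()):
        status = ", ".join(cves) if cves else "no listed CVE applies"
        print(f"{path}: log4j-core {'.'.join(map(str, version))} -> {status}")
```

Run it as a script to see the constructed tree scanned; to check a real host, call scan_tree() on an application root or a container image's extracted filesystem. Two limits to keep in mind: this only recognizes log4j-core by its standard Maven metadata, so a shaded or repackaged copy inside an uber-jar will be missed, and jars nested inside .war or .ear archives are not opened. The dedicated finders listed further down this page handle those cases; this example is meant to show the version-to-CVE mapping, not to replace them.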
Log4j Vulnerability Solutions, Tools and Resources
Beyond patching Log4j’s vulnerabilities, I’ve compiled a list of links I’ve come across over the past week while securing and provisioning clients against Log4j’s exploits and future threats. This alphabetical list includes a mix of free resources, open-source tools and paid solutions. Please share this page. You may also submit suggestions in the comments section or using the Contact Me form.
1 – 10
- Armis – Protection against the Log4j vulnerability.
- AWS – Protect against, detect, and respond to the Log4j vulnerability. Also: AWS firewall Log4j mitigations.
- Bitdefender – Mitigate the log4j vulnerability risk to your infrastructure.
- BlackBerry – BlackBerry® Cyber Suite and BlackBerry® Guard mitigate log4j risks.
- Bleepingcomputer – List of vulnerable products and vendor advisories.
- Cisecurity.org – sign up for email notifications. (Also here.)
- CISA – Apache Log4j Vulnerability Guidance and log4j-affected DB.
- Cisco – Defend against Apache Log4J exploit with Cisco.
- Cloudflare – WAF rules to mitigate log4j exploit.
- Crashtest-security.com – Log4j vulnerability scanning.
11 – 20
- CrowdStrike – Protects customers from threats delivered via Log4Shell.
- Fastly – Fastly Signal Sciences WAF rule for CVE-2021-44228.
- Forescout – Forescout Can Help Mitigate Log4shell.
- Fortinet – Tactical steps to mitigate the latest log4j cybersecurity attacks.
- Fox-it log4j-finder – Find vulnerable Log4j2 versions on disk and inside Java Archive Files.
- Google Cloud – Google Cloud and Chronicle solutions for “Log4j 2” vulnerability (gcat).
- Infragard – from the Federal Bureau of Investigation (FBI). Register/signup.
- Intruder.io – Log4j vulnerability scanning and mitigation.
- JFrog – Log4Shell remediation using the JFrog Platform.
- Local log4j vuln scanner – local scanner for vulnerable log4j instances written in Go.
21 – 30+
- LunaSec.io – Automatic patching service and mitigation.
- Microsoft – Microsoft security solutions help protect against and detect Log4j attacks.
- NCC Group – 24/7 Log4j exploit emergency incident response.
- NCSC-NL log4shell resource – Operational information regarding the vulnerability in Log4j.
- NSE log4shell – Nmap NSE scripts to check for the Log4Shell (LogJam) vulnerabilities.
- Palo Alto Networks – Defense for Apache Log4j Vulnerability.
- Praetorian – advanced attack management platform.
- Rapid7 – Log4j Vulnerability response.
- Rubo77 Log4j checker (beta) – a quick check of whether your server could be vulnerable to CVE-2021-44228.
- Tenable – Latest research and insights on CVE-2021-44228 (log4shell).
- Trend Micro Tester – Log4j Vulnerability Tester.
- UpGuard – third-party risk and attack surface management.
Cybersecurity: Next Steps
Start with a detailed audit and scan of all applications, infrastructure and networks; then put in place Denial of Service (DoS) and Web Application Firewall (WAF) protection, VPN-capable network security firewalls, security keys, multi-factor authentication, auto-updates, end-to-end encryption, remote backups and incident response plans.
How does your team use technology to provide powerful layers of protection against the Log4j exploits and the prevailing rise in cyberattacks?
(Refresh this page, as it continues to be updated)