Log4j Vulnerability

By Vigilize | Wednesday, December 15, 2021

infotex and Log4j


We are keeping our Clients’ safety in mind.


To all infotex managed security service Clients:

On Friday, December 10th, infotex became aware of a zero-day vulnerability in the Apache Log4j library that allows unauthenticated remote code execution. We began incident response and took steps to proactively disable potentially vulnerable applications until we could further determine if they were impacted by the vulnerability.

The applications we proactively disabled were:
– Microsoft Cloud App Security (MCAS) SIEM Agent, used for monitoring Microsoft 365 logs
– Elasticsearch, Logstash, and Kibana services, part of our SIEM 3 beta stack

We later determined that the MCAS SIEM Agent and Kibana were not impacted by the vulnerability; however, Elasticsearch and Logstash were. As such, the MCAS SIEM Agent has been re-enabled and we will be patching the Elastic Stack before re-enabling it on our systems.

We also implemented multiple IDS signatures that detect exploit attempts and automatically block the source addresses for all our managed service clients with IPS. That being said, due to varying attack techniques, our signatures at this time may not provide fully comprehensive coverage (we are updating them as more threat intelligence becomes available).

Like many other vendors, we recommend reviewing your own software installations for potentially vulnerable applications if you have not already (the second and third links below have good lists that are being continuously updated). Apply vendor security patches and/or implement mitigation strategies as soon as possible. Lastly, please contact our SOC team if you have any other questions or investigative requests.
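
One way to carry out the installation review recommended above, as an added example (not infotex's code): it walks a directory tree, opens Java archives including those nested inside WAR and fat-JAR files, and reports every copy of log4j-core that still contains the JndiLookup class, together with the version recorded in its Maven metadata. The extension list and nesting limit are assumptions; compare the reported versions against the vendor advisories in the references below.

```python
import io
import sys
import zipfile
from pathlib import Path

# Class that implements the JNDI lookup in log4j-core (CVE-2021-44228).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata that records the bundled log4j-core version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")  # assumption: types to open
MAX_DEPTH = 4  # assumption: how deep to follow archives inside archives

def _version(zf):
    """Return the log4j-core version from pom.properties, or None."""
    if POM_PROPS not in zf.namelist():
        return None
    for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None

def scan_archive(data, label, depth=0):
    """Yield (location, version) for each archive level holding JndiLookup."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a real archive despite its extension
    with zf:
        names = zf.namelist()
        if JNDI_CLASS in names:
            yield label, _version(zf)
        for name in names:
            if depth < MAX_DEPTH and name.lower().endswith(ARCHIVE_EXTS):
                yield from scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)

def scan_tree(root):
    """Walk root and return findings for all Java archives beneath it."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXTS:
            try:
                findings.extend(scan_archive(path.read_bytes(), str(path)))
            except (OSError, zipfile.BadZipFile, RuntimeError):
                continue  # unreadable or damaged file: skip, keep scanning
    return findings

if __name__ == "__main__":
    for location, version in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{location}\tlog4j-core version: {version or 'unknown'}")
```

A clean result does not cover shaded JARs that relocate the package, or copies unpacked as loose class files on disk.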

Additional References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/#affected-products
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

