
Log4j security vulnerabilities

What you need to know and how to protect yourself

The Log4j vulnerability, also referred to as CVE-2021-44228 or Log4Shell, is extremely dangerous because Log4j is used in internet-facing services and software, which means attackers can exploit it remotely. In Germany the authorities have already issued a code red warning for service outages caused by this vulnerability.

What is log4j and how bad is the news?

In early December 2021, a new remote code execution vulnerability, also referred to as CVE-2021-44228 or Log4Shell, was disclosed for Log4j.

Log4j vulnerability explained

Am I impacted?

The Log4j vulnerability is a new critical threat that is going to affect cybersecurity broadly.

Understanding impact of log4j vulnerability

What are the solutions?

A patch has been released to fix the Log4j vulnerability, but it does not protect against future vulnerabilities.

EDR as strategic solution

Explore how Cegeka can help

We monitor EDR alarms 24x7 and immediately take the appropriate containment actions. Our team of Security Advisors also helps you decide on the most effective mitigation for your infrastructure.


What is log4j and how bad is the news?

On December 9, a new remote code execution vulnerability, also referred to as CVE-2021-44228 or Log4Shell, was disclosed for Log4j. Log4j is by far the most popular logging library for applications built on Java. This is extremely problematic because Log4j is often part of internet-facing services and software, so the vulnerability is relatively easy to exploit remotely.

If attackers successfully exploit this vulnerability on one of your servers, they can potentially take full control of the system. Scanning for and exploitation of this vulnerability by malicious actors is already happening, since exploitation software is publicly available.

On top of that, a second problem was found, CVE-2021-45046, which allows attackers to perform a DoS (Denial of Service) attack, rendering the server unusable without breaking into it.


Am I impacted?

There are two ways to check whether your company is impacted:

Manual verification
Manually verifying which versions of Log4j are installed on your servers. This can be a tedious endeavor, since Log4j is often bundled inside other software, so it can be hard to find.

Using a vulnerability management service or tool
With Vulnerability Management you can scan a server or service and uncover potential vulnerabilities, like Log4j. This can be done using network scanners or agents installed on servers.
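The manual check above is hard precisely because Log4j is usually bundled inside other archives (an application jar carrying a log4j-core jar in its lib folder). The following added example, which is not Cegeka's code or tool, shows how such a check can be automated: it walks a directory, opens every jar/war/ear, recurses into nested archives, reads the Maven pom.properties that log4j-core ships, and flags any version below 2.17. The sample "fat jar" it inspects is constructed in memory for demonstration; the threshold and the pom.properties path are the author's assumptions.

```python
import io
import zipfile
from pathlib import Path

# Maven metadata that log4j-core carries inside its jar; the version lives here.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
SAFE_VERSION = (2, 17, 0)  # upgrade target recommended on this page
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def parse_version(text: str) -> tuple:
    """Turn the 'version=2.14.1' line of pom.properties into (2, 14, 1)."""
    for line in text.splitlines():
        if line.startswith("version="):
            return tuple(int(p) for p in line.split("=", 1)[1].strip().split("."))
    return ()  # unknown version sorts below SAFE_VERSION, so it is flagged


def scan_archive(data: bytes, path: str, hits: list = None) -> list:
    """Inspect one archive held in memory, recursing into nested archives."""
    hits = [] if hits is None else hits
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a zip despite its extension
    for name in zf.namelist():
        if name == POM_PROPS:
            version = parse_version(zf.read(name).decode("utf-8", "replace"))
            hits.append((path, version, version < SAFE_VERSION))
        elif name.lower().endswith(ARCHIVE_EXTS):
            scan_archive(zf.read(name), f"{path}!/{name}", hits)
    return hits


def scan_tree(root: Path) -> list:
    """Walk a directory and return (location, version, is_vulnerable) tuples."""
    hits = []
    for file in root.rglob("*"):
        if file.is_file() and file.suffix.lower() in ARCHIVE_EXTS:
            scan_archive(file.read_bytes(), str(file), hits)
    return hits


def build_sample_fat_jar() -> bytes:
    """Constructed test input: an application jar bundling log4j-core 2.14.1."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM_PROPS, "artifactId=log4j-core\nversion=2.14.1\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("BOOT-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())
    return outer.getvalue()
```

Run `scan_tree(Path("/opt"))` on a real host to list every bundled log4j-core with its version and whether it is below 2.17; Log4j 1.x, which uses different Maven coordinates, is not covered by this check.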


What are the solutions?

Fortunately, a patch has been released to fix the Log4j vulnerability. We advise upgrading to version 2.17 to be protected against both the vulnerability and the DoS attack. However, patching does not guarantee that the server was not compromised beforehand and that an attacker is not already inside.

Therefore, we strongly recommend installing Endpoint Detection & Response (EDR) as well, both:

  1. When mitigation (patching) is delayed or impossible.
  2. After patching, to check that no malicious activity is taking place on your infrastructure.

Endpoint Detection & Response is a strategic solution that can also protect against future vulnerabilities. We advise choosing a managed solution, since EDR alarms need to be monitored 24x7 so that attacks are contained immediately.

About Cegeka

Security in close cooperation

Our approach combines the scale of a managed security provider with the proximity of security expertise, ensuring our capability is adapted to your context and incident response is as effective as possible. A phased and modular approach allows us to adapt our solutions to different requirements and budgets.

We are a one-stop-shop in security

From assessment to detection and response, our unique combination of 24/7 human and automated analytics ensures a full-scale approach to your cybersecurity.

A proven track record

We apply use cases from all clients to continuously build and improve our security intelligence. That means you profit from the expertise gathered through all our clients.

We are technology agnostic

We're not tied down to one or a few tech partners. We select and apply leading technologies and innovative tools, so you can count on A-grade security.