That’s why it’s a good idea to test your protection to validate it’s working as expected while you work on system patching. However, screening for Log4j attacks is decidedly nontrivial. But given the realities of holiday staffing and system uptime demands, patching may be difficult to expedite - so WAFs and Next-Gen Firewalls will be called into service as front-line protection until system vulnerabilities are directly addressed. Given the severity, 10 out of 10, of the vulnerability and the widespread exploitation attempts we are seeing in the wild, it’s extremely important to mitigate the threat as quickly as possible. At this moment, network and security teams are racing to mitigate the threats to their systems via a combination of updating to Log4j 2.15, the latest version of the software, and enabling screening protection on perimeter devices. There are plenty of sources for that online. We’re not trying to fully document the technical aspects of the attack here. It enables arbitrary code execution on a target’s system.It affects JNDI library, which is incredibly widespread.So, why is everyone so worried about Log4j? In short, there are three factors combining to make this a “perfect storm” of a vulnerability: You can read all the gory details documented in CVE-2021-44228, but here’s the bottom line: this has the potential to be really, really bad. Over the last 72 hours or so, most of the cybersecurity world has become aware of the Log4j / Log4Shell zero-day vulnerability and its widespread impact on most web servers, cloud applications, internet appliances, and embedded devices. ![]() If you are interested in how Keysight can validate your perimeter security protection from Log4J, read on. If you are looking for information about Log4J impact on Keysight products, please visit our Product and Solution Cyber Security page. This leads to remote code execution attacks where exploitation is easy.Log4J / Log4Shell: Is Your Network Safe? Find Out for Free with Keysight
0 Comments
Leave a Reply. |