“Log4J and Log4 Shell Vulnerability Assessment, Impact & Risk Assessment, Remediation, Patching, Real Time Vulnerability Managed Service” for the Enterprise customers.

Log4J/Log4Shell. The latest vulnerability is causing a cybersecurity meltdown in the security community.

We have been talking about it all year on Supply Chain attacks and it has gone down in history as one of the most sophisticated and far reaching cyberattacks.

And now, it is perhaps going to be trumped by Log4J/Log4Shell vulnerability, and the attacks that will exploit it.

What is Log4J?
Log4J is an Apache open-source logging Java library. It is used in enterprise systems and web apps. It is so widely used that you can expect many of your applications, web apps and services are making use of it.

What is the Log4Shell exploit?
An attacker can simply send a malicious code string that gets logged by Log4j version 2.0 or higher. The exploit allows an attacker to take control of a server by loading arbitrary Java code. Apache Foundation announced this as a critical zero-day vulnerability CVE-2021-44228

What is the Remedy?
Apache Foundation has released a patch update which can be found here. If you’re the author of the app, you should use that link to secure your system. You should also be in touch with all your application vendors to determine if they are using Log4Shell and whether they are providing an update to their application.

Can CyberForza help with Log4J/Log4Shell vulnerability?
For sure! Firstly, the CyberForza application itself was not impacted as we don’t make use of this library.

Secondly, there has already been a few patch updates released by Apache. If you are not enthusiastic about applying numerous updates throughout your organization which is time consuming and has its own risks then CyberForza’s remediation capability with zero impact will certainly help.

CyberForza is a Real-Time Security Configuration, Vulnerability and Risk Management platform giving you continuous visibility of all your PCs and Servers (including cloud workloads) and then remediating the issue, rapidly, automatically and without breaking anything else along the way

CyberForza already supports Log4j/Log4Shell Vulnerability detect and remediation with in-depth Defense approach as Managed Service as follows:

1. CyberForza accurately discovers all instances of Log4J on all your PCs and Servers. Other scanning tools have shown to not be fully accurate. With CyberForza, we find them all.

2. CyberForza can then proactively remediate by repairing the vulnerability without the need to patch the update from Apache, thereby eliminating the risk for all applications.