On December 9, 2021, Apache released a security advisory disclosing multiple zero-day exploits identified in a widely used Java logging library called Log4j.
The Log4j vulnerabilities allow threat actors to carry out unauthorized remote code execution (RCE) and/or unauthorized Denial of Service (DoS) attacks. Log4j is an open-source Java logging library widely used in many applications and services across the globe. The popularity of the Log4j Java logging library significantly increases an organization’s attack surface.
The Verizon Threat Intelligence Team (VTRAC) has found: “Some of the post-compromise activity as a result of the Log4j exploit has been the unauthorized installation of cryptocurrency miners, Remote Access Trojans (RATs), DDoS botnets, and ransomware.”
VTRAC is able to review an organization’s environment to assess whether assets are subject to the Log4j vulnerabilities, provide independent third-party validation of the risk associated with and the potential impacts of the Log4j vulnerabilities, and provide containment and recommendations for any response and mitigation.
During this webinar, you’ll learn how our VTRAC Log4j Assessment seeks to:
Determine if the organization was subject to the Log4j zero-day vulnerabilities.
Help inform the organization’s decisions about the potential mitigation or investigatory actions that need to be taken.
Become aware of third-party service providers running in the environment that are vulnerable to Log4j.
Provide independent third-party validation associated with the risk and potential impacts of the Log4j vulnerabilities.