Innovation Showcase Ep.2: Identifying Log4j Vulnerable Assets & Assessing Risks

Presented by

Craig Johnson Jr, Thomas Raschke

About this talk

On December 9, 2021, Apache released a security advisory disclosing multiple zero-day exploits identified in a widely used Java logging library called Log4j. The Log4j vulnerabilities allow threat actors to carry out unauthorized remote code execution (RCE) and/or unauthorized Denial of Service (DoS) attacks. Log4j is an open-source Java logging library widely used in many applications and services across the globe. The popularity of the Log4j Java logging library significantly increases the attack surface to an organization. The Verizon Threat Intelligence Team (VTRAC) has found: “Some of the post-compromise activity as a result of the Log4j exploit has been the unauthorized installation of cryptocurrency miners, Remote Access Trojans (RATs), DDoS botnets, and ransomware.” VTRAC is able to review an organization’s environment to assess whether assets are subject to the Log4j vulnerabilities, provides independent third-party validation of the risk associated with and the potential impacts of the Log4j vulnerabilities, and provide containment and recommendations for any response and mitigation. During this webinar, you’ll learn how our VTRAC Log4j Assessment seeks to assess and: Determine if the organization was subject to the Log4j zero-day vulnerabilities. Help to inform the organization on decisions about the potential mitigation or investigatory actions that need to be taken. Become aware of third party service providers running in the environment that are vulnerable to Log4j. Provide independent third-party validation associated with the risk and potential impacts of the Log4j vulnerabilities.

Related topics:

More from this channel

Upcoming talks (10)
On-demand talks (370)
Subscribers (48054)
We deliver the promise of the connected world. In today’s rapidly transforming environment, we integrate, secure and operate the networks, and mobile technologies that help businesses and governments around the globe expand reach, increase productivity, improve agility, and maintain longevity. Our solutions across Connectivity, Security and Advanced Business Communications are designed to help enterprises pursue new possibilities and create entirely new revenue streams – more efficiently than ever.