Check Point called it a true cyber pandemic. Looking at the stats shared by Check Point, it looks like the story of Log4Shell is not going to end any time soon. To support this, Cloudflare, a CDN provider, disclosed attacks on the newly found CVE-2021-45046 vulnerability on Wednesday. Now, companies are not left with any choice except upgrading to 2.16.0. We highly recommend upgrading log4j to v2.16.0 without any delays. Those who are using the third-party applications, please ask the respective vendors to provide the update as soon as possible. We are now in such a critical situation that you don’t have the time to wait until vendors roll out updates. You should take some precautionary measures to protect your network from the Log4Shell vulnerability. Let’s see how to protect your network from Log4Shell attacks.
Table of Contents
New Data Exfiltration Vulnerability In Log4j 2.15.0:
After the discloser of the new CVE-2021-45046 vulnerability, which lets attackers perform denial of service attacks on the victim machine, researchers from praetorian revealed a new flaw in Log4j 2.15.0 that allows attackers to exfiltrate sensitive data from the victim machine. The technical details are not disclosed to the public. The research group said it has shared the technical details with Apache Foundation. Following that, the team released a small video clip that shows the new data exfiltration vulnerability in Log4j 2.16.0.
How To Protect Your Network From Log4Shell Attacks?
Considering the latest development on the Log4Shell vulnerability. We urge you to upgrade your Log4j to the latest available version. If you have this vulnerability on the third-party apps, immediately contact the respective vendors and ask them to release updates or follow their guidelines.
Now the situation is not good to wait for their updates. It is good to implement some preventive measures to protect your application and network before attackers break your shells. Let’s see how to protect your network from Log4Shell attacks.
- Block the Log4Shell IOCs on your firewalls, Proxies, EndPoints, and any security monitoring solutions and keep track of them if any connection is established/observed with them in the Infrastructure.
- Isolate the suspected system from the network and keep monitoring the activities.
- Configure your Vulnerability scan tools like NexPose, Nessus, or QualysGuard and run automated Vulnerability scans.
- Disable JNDI on all the servers running Log4j. If unable to disable Log4j, then block all the JNDI requests to untrusted servers.
By implementing these few tips, you can protect your network from Log4Shell attacks. This is not the ultimate solution. You should upgrade Log4j to the latest version in your build or implement all the recommendations shared by your vendor.
We hope this post would help you learn How to Protect Your Network from Log4Shell Attacks. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.