Log4j Attack- Cyber security

Critical vulnerability

Dorota Gibiino 16 December 2021

Log4j or Log4Shell vulnerability

This is an open-source logging library, which is used by almost all major Java-based enterprise apps and servers across the industry. A logging library is used to keep track of all the activity inside an application. The flaw allows any hacker or cyber-criminal to control and execute ‘arbitrary code’ and gain access to a computer system by inputting a string of code into the library.

Companies have been warned to be on high alert over the holiday season for cyberattacks and other security flaws.

We have been inundated with queries from our customers regarding the recently discovered Apache Log4J vulnerability.

It presents a critical risk to businesses, as if the organisation has an Internet-facing service that is vulnerable, it can allow an Internet-based attacker or malware to gain instant access to the vulnerable service, which could allow an attack to be pivoted into the internal network. This is currently rated with the highest CVSS risk score of 10.  

secure team primenetTherefore, we are currently offering a rapid test for this specific vulnerability with our Partner Secure Team, which comprises of a targeted scan of your Internet-facing infrastructure with our automated tooling and custom-written scripts. To allow us to deliver these tests both quickly and cost-effectively, we are not issuing a full written report; however, the testing will be followed by a summary email to advise if the organisation’s network is vulnerable and what the recommended course of action should be.  

Currently, we are offering this Apache Log4J Vulnerability Assessment at a lowered cost, with the results being sent back to you in the same day.    

If you would like to book this test in, please confirm via email We have availability this side of Christmas for these tests, but this is becoming very limited.

We can also offer Free Lifetime Protection Against Log4js
Check Point Software

As part of our commitment to keeping our cyber world safe, we're offering a free month's access to CloudGuard AppSec, robust protection against Log4j attacks. No patches, no remediation - pre-emptive, precise prevention with no admin overheads and just hours from learning to active protection. Unlike traditional rule-based WAFs, AppSec uses an automated WAF which relies on contextual AI to build a risk score for every web request, rather than signature matching and rule sets. When there's a zero-day attack, security patching can't keep up, but CloudGuard AppSec's machine learning approach means that our customers will always remain ahead of the attackers.

If this of interest, please email us.

Read more about how Primenet can help with your Cyber Security.