Apache Log4j is an open-source logging library used by almost all major Java-based enterprise apps and servers across the industry. A logging library keeps track of all the activity inside an application. The flaw allows any hacker or cyber-criminal to execute ‘arbitrary code’ and gain access to a computer system by inputting a string of code into the library.
Companies have been warned to be on high alert over the holiday season for cyberattacks and other security flaws.
We have been inundated with queries from our customers regarding the recently discovered Apache Log4J vulnerability.
It presents a critical risk to businesses: if an organisation has an Internet-facing service that is vulnerable, an Internet-based attacker or malware can gain instant access to that service, which could allow an attack to be pivoted into the internal network. This is currently rated with the highest CVSS risk score of 10.
Therefore, we are currently offering a rapid test for this specific vulnerability with our Partner Secure Team, which comprises a targeted scan of your Internet-facing infrastructure with our automated tooling and custom-written scripts. To allow us to deliver these tests both quickly and cost-effectively, we are not issuing a full written report; however, the testing will be followed by a summary email to advise if the organisation’s network is vulnerable and what the recommended course of action should be.
Currently, we are offering this Apache Log4J Vulnerability Assessment at a lowered cost, with the results being sent back to you on the same day.
If you would like to book this test in, please confirm via email. We have availability this side of Christmas for these tests, but this is becoming very limited.
We can also offer Free Lifetime Protection Against Log4j from Check Point Software.
As part of our commitment to keeping our cyber world safe, we're offering a free month's access to CloudGuard AppSec, robust protection against Log4j attacks. No patches, no remediation - pre-emptive, precise prevention with no admin overheads and just hours from learning to active protection. Unlike traditional rule-based WAFs, AppSec uses an automated WAF which relies on contextual AI to build a risk score for every web request, rather than signature matching and rule sets. When there's a zero-day attack, security patching can't keep up, but CloudGuard AppSec's machine learning approach means that our customers will always remain ahead of the attackers.