
F-Secure & CybelAngel comment on team burnouts while dealing with the Log4j incident

December 2021 by F-Secure & CybelAngel

Experts comment on the Log4j incident

Calvin Gan, Senior Manager with F-Secure’s Tactical Defense Unit, comments on the idea of team burnout while dealing with the Log4j incident:

“There’s plenty of activity surrounding the Log4j incident from patching to investigating if the organization has been breached. An angle to highlight relating to this incident is about how security analysts, developers and defenders, in general, could potentially burn out from the entire incident. The defenders are battling against time in patching affected systems (which is not as direct as simply upgrading), while also fending off exploitation attempts that have been increasing in recent days.

The ease of executing the exploit meant that the time to patch has been significantly shorter, combined with the different mass scanning attempts on the Internet by various entities, making it much harder for defenders to comb through the logs and identify potential breaches. While the full impact is currently unknown, it is anticipated that organizations would have to engage all available resources and work overtime to mitigate this vulnerability, while blocking potential attacks.”

Todd Carroll, CISO at CybelAngel, comments on the Log4j issue:

“Log4j is only the last one of a long list of 0-day vulnerabilities that have the potential to cause significant damage to businesses. As usual in cybersecurity, the most difficult aspect is to protect against the unknown. Having to fix a potential issue in 0 days before it becomes a major attack vector would be a challenge for any IT security professionals out there. Protective solutions should be deployed all along the kill chain, starting at the recon phase, identifying and patching exposed assets that may be vulnerable. Strong recovery, battle-tested playbooks become of crucial importance as well.

At this time, we strongly recommend that organizations running Apache Log4j check for vulnerable versions in their environment and locations. They should block external-facing applications that use the vulnerable library until an updated version is released. Whenever possible, they should install the most recent version of Log4j and monitor for vendor patches as they become available. In addition, they should monitor traffic to and from application workloads that may be exploited due to this vulnerability.”

