Log4shell Vulnerability Update

December 15, 2021 | Cybersecurity
Robert Hall


Over the past few days, we have been contacted by a number of partners asking us to confirm whether our vendors have been impacted by the Log4shell vulnerability.

The Log4j flaw (CVE-2021-44228) lets attackers remotely execute code on a target computer, which they can then use to steal data, install malware or take control. Some cybercriminals have installed software that uses a hacked system to mine cryptocurrency, while others have developed malware that allows attackers to hijack computers for large-scale assaults on internet infrastructure.


This has obviously been a concerning issue for a lot of partners due to the nature of the vulnerability, so we have been in contact with each of our vendors and have received the following responses:

Bluedog:

We are not impacted; the log services we are using are not exposed to the public world. All elastic services used have been patched or mitigated to avoid exploitation.

CyberSmart:

With regards to the statement, we would look to point in the direction of the NCSC guidance.

https://www.ncsc.gov.uk/news/apache-log4j-vulnerability

We can also confirm that we do not use Log4j in our products.

Heimdal Security:

“Heimdal™ Security has acknowledged the existence and inherent criticality associated with the use of the log4j logging framework. Consequentially, we would reassure our customers and business customers who are using Heimdal™ web-based services that the log4j vulnerability does not impact the quality of our service nor the data integrity, or the client’s privacy.”

https://mailchi.mp/heimdalsecurity.com/heimdal-confirms-log4j-vulnerability-does-not-impact-customers?e=e1006b02c6 

Hornetsecurity:

Hornetsecurity already detects the malicious exploit string in emails, but so far has not observed attackers using emails directly as attack vectors. The cases that have been observed so far (besides security companies and customers testing for the vulnerability) come from web forms containing the Log4Shell exploit, for which the owner of the web form then received a notification email containing the fields of the form, which then obviously contained the exploit string.

Hornetsecurity is monitoring emails for CVE-2021-44228 exploitation patterns and will constantly expand detection to adapt to new obfuscations in preparation for potential targeted email campaigns using the Log4Shell exploit.

https://www.hornetsecurity.com/us/threat-research-us/red-alert-log4j/ 

Keeper Security:

Keeper Response to CVE-2021-44228

Based on a recent public disclosure, our security team has researched the vulnerability regarding an open-source Java logging library developed by the Apache Foundation called Log4j (vulnerability number CVE-2021-44228).

Keeper Enterprise software is not subject to a cyberattack vulnerability, based on the affected library. However, as a precaution and to maintain the most modern and secure libraries, we have updated all Keeper infrastructure with the latest Log4j version. We have published a security update to Keeper SSO Connect On-Prem Version 16.0.2 and Keeper Automator Version 1.0.5.

KnowBe4:

KnowBe4 is aware of the recent log4j vulnerability (CVE-2021-44228) and has been investigating this issue in-depth. We can confirm that no KnowBe4 products are affected by this at this time and therefore no actions are required to be taken by our customers.

https://blog.knowbe4.com/log4j-vulnerability-knowbe4-not-affected 

Redstor:

The Log4Shell vulnerability applies only to Log4j v2 and above and affected only an internal component of Redstor's backend Data Management Platform that is not publicly exposed to the Internet. This has been mitigated by upgrading to log4j v2.1.5.

https://support.redstor.com/hc/en-gb/articles/4413624900881 

Retruster:

“We can confirm that we were not affected, and have taken measures to ensure ongoing security, including updating with the latest Amazon AWS software updates that were released specifically to address this.”

Untangle:

NG Firewall uses log4j version 1.2.16 which is not affected by this vulnerability.

SD-WAN Router does not use log4j and is unaffected.

The cloud environment used to facilitate Command Center functionality does use log4j and Untangle updates this component on a regular basis. Log4j was updated to the latest version shortly after the vulnerability and the associated update became public.

https://support.untangle.com/hc/en-us/articles/4415840308375-CVE-2021-44228-Log4Shell 
