Apache Log4J

Cyber Advisors has created a list of recommendations and a services package in response to Log4Shell vulnerability, that affects a significant number of systems and applications:

1. Discover all internal assets that use the Log4j library. Clients should review the affected system's database to identify vulnerable applications and systems.  If the affected product is in one's environment, we recommend applying patches (testing them in a lower environment, if possible) and/or contacting the vendor for patches. Not all vendors will be able to quickly turn around patches to address zero-days, in these cases we recommend being consistent with communications for updates on patch releases and workarounds.

2. Discover all internet-facing assets that allow data inputs and use Log4j Java library anywhere in the stack. Cyber Advisors Security Department is offering to conduct several specialized external scans to report if there are services behind current defense system that can be visible to hackers outside of your network. Cyber Advisors combined these external scans in one package at a cost of $995.00. An outcome of this scan is a detailed report and recommendations tailored to your environment.

3. Assume compromise, identify common post-exploitation sources and activity, and hunt for signs of malicious activity.

4. Update or isolate affected assets. Continue monitoring the updates for the applications and systems that exist within your network. 

    

If there is an interest in the external scans offered by Cyber Advisors, please reach out to us with your contact information to initiate the scheduling process.

MORE FROM OUR BLOG

Cyber Advisors specializes in providing fully customizable cyber security solutions & services. Our knowledgeable, highly skilled, talented security experts are here to help design, deliver, implement, manage, monitor, put your defenses to the test, & strengthen your systems - so you don’t have to.