AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Apache tomcat log4j vulnerability3/19/2023 In fact, they are acting silently behind the scenes. While the activity as we write these lines is limited to scanners and mostly crypto mining threat actors, it does not mean more advanced threat actors are just sitting back enjoying the noise activity. What’s next?Ĭheck Point Research is thoroughly investigating the Log4j vulnerabilityĬheck Point Research (CPR) closely monitors the massive scans and exploit attempts. We thoroughly verified that the vulnerability does not affect our Infinity portfolio including Quantum Gateways, SMART Management, Harmony Endpoint, Harmony Mobile, ThreatCloud and CloudGuard. The Check Point Infinity architecture is not impacted by the Log4j. Is Check Point affected by the Log4j vulnerability? We urge IT and Security teams to take immediate remediation measures on the matter. ![]() Otherwise, you need to implement a new protection by following the guidelines here. ![]() If your Quantum gateways are updated with automatic new protections, you are already protected. Watch on demand the Log4j Vulnerability Webinar – Everything you need to know What do you need to do in order to remain protected?Ĭheck Point already released a new Quantum Gateway protection powered by Threat Cloud, designed to prevent this attack, and by using it- you’ll stay protected. Customer web applications remain safe as the security auto updates without the need for human intervention or rule sets, as the app and threat landscape evolve and expands. Leveraging contextual AI, the platform provides precise prevention of even the most sophisticated nascent attacks, without generating false positives. It means that one layer of protection is not enough and only multi layered security posture would provide a resilient protection.Ĭheck Point’s Infinity Platform is the only security platform that offered pre-emptive protection for customers against the recent Log4j exploit (Log4Shell). The number of combinations of how to exploit it give the attacker many alternatives to bypass newly introduced protections. Since Friday we witnessed what looks like an evolutionary repression, with new variations of the original exploit being introduced rapidly- over 60 in less than 24 hours.įor example, it can be exploited either over HTTP or HTTPS (the encrypted version of browsing). The Log4j library is embedded in almost every Internet service or application we are familiar with, including Twitter, Amazon, Microsoft, Minecraft and more.Īt present most of the attacks focus on the use of a cryptocurrency mining at the expense of the victims, however under the auspices of the noise more advanced attackers may act aggressively against quality targets. It used by a vast number of companies worldwide, enabling logging in a wide set of popular applications.Įxploiting this vulnerability is simple and allows threat actors to control java-based web servers and launch remote code execution attacks. On December 9 th, an acute remote code execution (RCE) vulnerability was reported in the Apache logging package Log4j 2 versions 2.14.1 and below (CVE-2021-44228).Īpache Log4j is the most popular java logging library with over 400,000 downloads from its GitHub project. Last updated: 01:30 AM PST What happened? ![]() For any questions or inquiries concerning the Log4j vulnerability please email
0 Comments
Read More
Leave a Reply. |