Due to an actively exploited zero-day vulnerability:
https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html
This bug is a 10 of 10 on the CVSS rating from the article a snippet:
Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, remote code execution (RCE) on any application that uses the open-source utility and affects versions Log4j 2.0-beta9 up to 2.14.1. The bug has scored a perfect 10 on 10 in the CVSS rating system, indicative of the severity of the issue.
Update on 12/14/21 – This is a new image from govcert.ch with a good overview of the attack angles of Log4J
This of course means that I received an email from Graylog (an open source server which shows that they have an update for this public
Zero-day vulnerability). Graylog Update for Log4J
The links below will take you to the Graylog updates for all supported versions of Graylog.
So what does this mean in reality for all of us running servers and systems across the internet?
It means what it always does:
A combination of EOL and patching end Of life means that a system needs to be upgraded, a zero-day vulnerability means you have to update ASAP if a patch will fix things. Are you on version Graylog 2.0? did you think you had months to update? Not anymore – patch and update sooner than later.
If you do not think this is important then maybe you will once ransomware is installed in one of your machines.
Like for the Kronos Cloud outage due to Ransomware.
UKG, Kronos’ parent company, said the vital service will be out for “several weeks” and urged customers to “evaluate and implement alternative business continuity protocols related to the affected UKG solutions.”
“Some people on Twitter are blaming the small businesses, who are victims here, for not having a backup plan in place for payroll. I feel that’s crap; you are outsourcing your payroll to a company that is supposed to have contingency plans in place for you,” Liska said.
The company would not answer questions about which ransomware group was behind the attack.
Of course I do not profess to know more than the news story (for Kronos)- which does not say that Log4J is the reason – but it very well could have and we also know that the attackers are more sophisticated than the defenders in many situations.
Buy the book to help you decide and get going on making cybersecurity more important in your environment!!