Delinea, a leading provider of solutions that extend Privileged Access Management, acquires Authomize. Learn More

Authomize Blog

Log4Shell — Preparing for What Comes Next

We’re now at about the two week point after news of the vulnerability in the Apache Foundation’s Log4j logging tool for Java, dubbed Log4Shell, splashed into the headlines. 

23/12/2021 • Gabriel Avner

Read more

Authomize’s Response and Mitigation Guide to the Log4Shell Vulnerability

We can’t give you your weekend back, but we’ve pulled together a quick and dirty briefing on everything you need to know to secure your organization…

12/12/2021 • Gabriel Avner

Read more

Download
Solution Brief

Learn how Authomize's solution is changing the way companies are managing authorizations

Download

If you work in InfoSec, then you’ve already had quite the weekend. Or lack thereof. 

We can’t give you your weekend back, but we’ve pulled together a quick and dirty briefing on everything you need to know to secure your organization from the Log4j aka Log4Shell vulnerability.

Reach out to Authomize for any questions on how to mitigate your risk from this vulnerability, we now offer a FREE Log4Shell Software and Application Scan,  please share the resources provided here below. 

Is Authomize Vulnerable?


No. We’ve checked.

What is Log4j?

An extremely common Java logging library used and packaged in many online software components including many Apache Foundation products and Elasticsearch.

What Happened?

Log4j was found to be vulnerable to a format string code execution bug that was not disclosed and patched in a coordinated manner. 

This bug utilizes JNDI capabilities that enable attackers to carry out a Remote Code Execution (RCE). This type of attack on JNDI has been known for at least seven years, if not longer.

The bug (CVE-2021-44228 aka as Log4Shell) causes the vulnerable component (which embeds Log4j) to actively connect to the internet, fetch the malicious code, and run it. 

The result is that many apps and software components you might be using are vulnerable. Many organizations are already being targeted by hackers attempting to exploit the situation.

How to Remediate — Step-by-Step Guide

  1. Patch Now

    1. Determine if you have potentially vulnerable components in your products.
      1. Here is a list of vulnerable components we know of. Stay tuned for updates as it will likely grow.
      2. You can try Authomize for free and we will send you a report of the relevant components we can discover. This report should be considered an initial review, so further work with your dev team is required.
    2. The quickest and simplest fix is described under “mitigation” in the official log4j page, which only takes a quick command on the vulnerable server. However, it is highly advised to take the time afterwards and upgrade to fixed versions
    3. Best practices call for blocking outbound access (incl. DNS!) from internal services in your IaaS. Following this guideline should mitigate against risks from the vulnerability in Log4j.
  2. Address Supply Chain Risks

    1. Verify which of your XaaS vendors and vendors connected to your XaaS systems are vulnerable and may have already been compromised. Start with this list and stay tuned for more names to be added. 
    2. Get your employees to change their organizational passwords for the products of those vendors. 
    3. Monitor and coordinate with your vendors’ incident response coordinators for additional updates.
  3. Incident Response

    1. If you have vulnerable components/vendors, initiate an incident response process as soon as possible.
    2. Monitor the apps and service principals of the vulnerable app/component.
    3. Authomize can provide you with immutable activity logs in your apps and infrastructure (where supported).
  4. General Reaction

    1. It is always a good idea to turn on MFA everywhere. It is even more important in the wake of the expected major leaks of passwords and account information.
    2. Encourage that all user passwords are changed. Password reuse from personal accounts is a real and present danger. 
    3. Try to ramp up your “conditional access” (or whatever your vendor calls that capability) settings to increase device trust requirements for connecting to apps. 

How Authomize Can Help

How to Contribute 

Do you have any threat intelligence/info about affected vendors and/or components that can help others in the community stay secure. Go to our GitHub repo and make a pull request to contribute. 

Stay Tuned

We will continue posting updates on our LinkedIn and Twitter channels, as well as issuing alerts and notifications to customers directly, so stay tuned for more info as this story develops. 

Get Your Free Log4Shell Software and Application Scan