On Friday, December 10th, 2021 CVE (Common Vulnerabilities and Exposures) reported a critical vulnerability in the Apache Log4j Library, which CVE has ranked as a severity level 10 out of 10. This potentially affects millions of businesses, governmental and educational institutions. It is clear that cybercriminals have already begun exploiting this vulnerability.

The Apache Foundation has recommended that all developers update their Java libraries, and if that is not possible, other mitigation tactics may be found on the ApacheLog4j security vulnerabilities page.

Our security systems at SECNAP are not affected by this vulnerability because we do not use this Java library in our systems. Additionally, our CloudJacketX IDS/IPS platform is monitoring for this vulnerability and associated exploit indicators, and we will be alerting our customers if we discover Log4j related activity within their networks. We also recommend to customers who have not recently performed security assessments, pen testing, or internal and external scanning to contact us at support@secnap.com

SECNAP’s security operations centers will continue to monitor this situation as it progresses and will provide additional information as it develops.

If you have any questions, please contact us at support@secnap.com