Earlier today, a serious flaw was discovered in the widely used Java logging library Apache Log4j. The vulnerability, ‘Log4Shell,’ was first identified by users of a popular Minecraft forum and was apparently disclosed to the Apache Foundation by Alibaba Cloud security researchers on Nov. 24, 2021. The vulnerability has the potential to allow unauthenticated remote code execution (RCE) on nearly any machine using Log4j.
The Log4j zero-day vulnerability is flooding security updates and news everywhere. The issue has been named Log4Shell and assigned CVE-2021-44228 (still awaiting analysis at the time of writing).
Apache has released version 2.16.0, which completely removes support for Message Lookups and disables JNDI by default. CrowdStrike has identified a malicious Java class file hosted on infrastructure associated with a nation-state adversary. The Java code is used to download known instances of adversary-specific tooling and is likely to be used in conjunction with the recently disclosed Log4Shell exploit (CVE-2021-44228).
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. Earlier this week I saw quite a few posts on Twitter mentioning AWS outages. They certainly caused a few issues.
A previously unknown zero-day vulnerability in Log4j 2.x was reported on December 9, 2021. If your organization deploys or uses Java applications or hardware running Log4j 2.x, your organization is likely affected.
Here’s the reality: hybrid and remote work are here to stay. This means access to your corporate data can now come from anywhere, on any device and any network. In order to tackle this new norm, Gartner has defined a new cybersecurity framework called Secure Access Service Edge (SASE).
The way in which we respond to email security risks needs to change. It is no longer a case of reinforcing the network perimeter. The risks are now far more complex and nuanced, driven by human behaviour. From every conversation we have, Security and IT leaders tell us that people: These are a combination of both inbound and outbound threats, but what they have in common is that they are human-activated risks – there is a person behind each of them.
To understand how Elastic is currently assessing internal risk of this vulnerability in our products please see the advisory here.