On Dec 9, 2021, security researchers published exploit details on a high-risk vulnerability affecting the widely used software package Apache Log4j. Attackers can leverage this vulnerability to gain full control of affected internet-facing systems using simple attack methods, making ransomware and malware deployment easier. Given the widespread usage of Log4j, it is not surprising to see security professionals label this "the single biggest, most critical vulnerability of the last decade."
While Apache has released a security fix, the Log4j vulnerability will likely pose a danger to companies for years to come. Not only is comprehensive identification and mitigation of affected systems challenging, companies can remain exposed if a partner organization or a software vendor they use has yet to fully address its own Log4j vulnerabilities.
Paladin’s security team is actively working with clients to holistically address their Log4j vulnerabilities. All Paladin Shield users have access to:
- Automated exploitability assessments
- Scanning/detection tools to identify affected systems
- Protection against WebSocket-based Log4j exploits
Paladin Shield v9.1.0 disables WebSocket (ws://, wss://) connections to private IP addresses and localhost unless the initiating webpage is itself hosted on a private IP address or localhost. This fix prevents a Paladin Shield-secured browser from being used to reach vulnerable Log4j services on internal networks, while preserving functionality for internal web apps and developers. All Paladin Shield installations from the Chrome/Edge/Mozilla store will automatically update to the latest version.
Due to the severity of the WebSocket-based Log4j attack vector, we have also released WebSocket Log4j Exploit Immunizer as a free, open-source browser extension. This extension works in the background to protect users against WebSocket-based Log4j exploits. WebSocket Log4j Exploit Immunizer is meant to be used as a complement to other remediation efforts. We strongly advise all companies to update all local and internet-facing environments to Log4j 2.17.0 at the earliest opportunity, deploy a web application firewall with Log4j rules, and thoroughly review/test environments for exploitability and indicators of compromise.
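The blocking rule described above, as an added illustration that is not Paladin Shield's or the Immunizer extension's own code: a pure decision function that a content script could apply before allowing a `WebSocket` constructor call. It assumes absolute URL strings as inputs, classifies only literal IPv4 addresses, `localhost` and `[::1]` as private (names needing DNS resolution are treated as public, since an extension cannot resolve them before the connection is attempted), and relies on WHATWG URL parsing so that shorthand forms such as `ws://127.1/` normalize to `127.0.0.1` before the check.

```javascript
// Added example (not Paladin Shield's code): model of the rule "block ws:// and
// wss:// to private IPs or localhost unless the initiating page is also on a
// private IP or localhost".

// Returns true for RFC 1918 ranges, loopback, link-local and localhost names.
// Assumption: only literal IPv4, "localhost" and "[::1]" are classified;
// anything else is treated as public (no DNS resolution is attempted).
function isPrivateHost(hostname) {
  const h = hostname.toLowerCase();
  if (h === 'localhost' || h.endsWith('.localhost') || h === '[::1]') return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (!m) return false;
  const oct = m.slice(1).map(Number);
  if (oct.some((o) => o > 255)) return false;
  const [a, b] = oct;
  return a === 10 || a === 127 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254);
}

// Decide whether a WebSocket from pageOrigin to wsUrl should be refused.
// new URL() normalizes IPv4 shorthand (e.g. "127.1", "0x7f.0.0.1") to dotted
// quads, so the private-range test sees the canonical host.
function shouldBlockWebSocket(pageOrigin, wsUrl) {
  let target;
  try { target = new URL(wsUrl); } catch { return true; } // unparsable target: refuse
  if (target.protocol !== 'ws:' && target.protocol !== 'wss:') return false; // not a WebSocket
  if (!isPrivateHost(target.hostname)) return false; // public target: allowed
  let page;
  try { page = new URL(pageOrigin); } catch { return true; } // unknown initiator: refuse
  return !isPrivateHost(page.hostname); // private target allowed only from a private page
}

module.exports = { isPrivateHost, shouldBlockWebSocket };
```

In an extension, the same function would run inside a wrapper around `window.WebSocket` installed by a content script, with `location.origin` as `pageOrigin` and the constructor's first argument as `wsUrl`.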
To learn more, please reach out to [email protected]