Incident Response Notification: log4j

Update from 12/21

The team at RoundTable has continued to scan for and enumerate (i.e., discover) any presence of the log4j vulnerability across our customer environments.

We are happy to report that we have NOT found any indications of compromise on any customer endpoint as yet.

 

 

Across many thousands of endpoints under RoundTable management, we have discovered a small percentage (~2%) of endpoints where the log4j vulnerability is present. This does NOT mean the endpoints have been compromised, but it does mean they are vulnerable to compromise until remediated.

Where appropriate, we are patching and initiating restarts of these endpoints to mitigate the vulnerability without any customer action required.

Here’s a critical point: If an individual workstation, even one on a protected network, has the log4j vulnerability present, it can be exploited by merely getting the individual to visit a malicious website. That would most likely happen by clicking on a link in a phishing email or social media message.

RoundTable is reaching out to every single individual on whose workstation we have discovered the presence of the log4j vulnerability. If RoundTable contacts you, please respond as soon as you are able. This will allow us to coordinate remediation efforts promptly.

Thank you for your cooperation and attention to this important matter.

Update from 12/17

With the help of our partner Datto, the security researcher Florian Roth, and the incredibly hard work of our own team, RoundTable has managed in just a few days to scan the vast majority of workstations, laptops and servers across our customer environments for the presence of the log4j vulnerability and/or any indications of compromise.

Please note that we have NOT found any indications of compromise on any customer endpoint as yet.

Across many thousands of endpoints under RoundTable management, we are discovering a small percentage (~2%) of endpoints where the log4j vulnerability is present. This does NOT mean the endpoints have been compromised, but it does mean they are vulnerable to compromise until remediated.

Where appropriate, we are patching and initiating restarts of these endpoints to mitigate the vulnerability without any customer action required. We will also be reaching out to affected customers in the coming hours/days to coordinate remediation efforts where client action is required.

If RoundTable contacts you, please respond as soon as you are able. This will allow us to coordinate remediation efforts promptly.

Thank you for your cooperation and attention to this important matter.

Update from 12/13

We want to keep you updated on what we’ve been doing to ensure the security of your systems since we first learned of the log4j vulnerability last week. RoundTable is continuing to monitor this situation closely and work with our partners to determine which systems are impacted and, if so, what action(s) need to be taken to secure these systems.

 

 

One of our partners, Datto, has provided us with a tool that helps with enumeration (discovery of assets potentially vulnerable to log4j) and mitigation. Our security team is working diligently to identify all impacted assets across all our customers as swiftly as we can.

Where possible, we are patching and restarting assets to mitigate the vulnerability without any customer action required.

If RoundTable contacts you to request a restart of one or more of your systems, please respond as soon as you are able. This will allow us to coordinate with you to ensure any disruptions to your services are understood and expected.

If you receive communications from one of your vendors informing you of action required on your part and you are not sure what to do, please contact us at (207) 370-4647 or open a support ticket via our online support page.

If you are not aware of the log4j vulnerability, or wish to learn more about it, here is a link to the most recent information from CISA (the Cybersecurity and Infrastructure Security Agency). The basics are as follows:

What Happened: A 0-day exploit was released for log4j—a Java-based logging utility that's part of the Apache Logging Services project. It is used by millions of systems worldwide to process logs.

Impact: People are comparing this to Heartbleed, which had a significant impact, but log4j is potentially even worse since it has the possibility of allowing direct and immediate harm in the form of password/key extractions and RCE (Remote Code Execution).

Affected Systems: Still developing, but here is a current list of known affected systems.

As always, we are dedicated to your security. Please contact us if you have any further questions or concerns.
