3 min read

Incidence Response Notification: log4j

Picture of Joshua Peskay Joshua Peskay : Dec 13, 2021 9:00:00 AM

cybersecurity cyberattack incidence response
Incidence Response Notification: log4j

Update from 12/21

The team at RoundTable has continued to scan and enumerate (e.g. discover) any presence of the log4j vulnerability across our customer environments.

We are happy to report that we have NOT found any indications of compromise on any customer endpoint as yet.

 

 

Across many thousands of endpoints under RoundTable management, we have discovered a small percentage (~2%) of endpoints with presence of the log4j vulnerability. This does NOT mean the endpoints have been compromised, but it does mean they are vulnerable to compromise until remediated.

Where appropriate, we are patching and initiating restarts of these endpoints to mitigate the vulnerability without any customer action required.

Here’s a critical point: If an individual workstation, even one on a protected network, has the log4j vulnerability present, it can be exploited by merely getting the individual to visit a malicious website. That would most likely happen by clicking on a link in a phishing email or social media message.

RoundTable is reaching out to every single individual on whose workstation we have discovered the presence of the log4j vulnerability. If RoundTable contacts you, please respond as soon as you are able. This will allow us to coordinate remediation efforts promptly.

Thank you for your cooperation and attention to this important matter.

Update from 12/17

With the help of our partner, Datto, the security researcher, Florian Roth, and the incredibly hard work of our own team, RoundTable has managed in just a few days to scan the vast majority of workstations, laptops and servers across our customer environments for presence of the log4j vulnerability and/or any indications of compromise.

Please note that we have NOT found any indications of compromise on any customer endpoint as yet.

Across many thousands of endpoints under RoundTable management, we are discovering a small percentage (~2%) of endpoints with presence of the log4j vulnerability. This does NOT mean the endpoints have been compromised, but it does mean they are vulnerable to compromise until remediated.

Where appropriate, we are patching and initiating restarts of these endpoints to mitigate the vulnerability without any customer action required. We will also be reaching out to affected customers in the coming hours/days to coordinate remediation efforts where client action is required.

If RoundTable contacts you, please respond as soon as you are able. This will allow us to coordinate remediation efforts promptly.

Thank you for your cooperation and attention to this important matter.

Update from 12/13

We want to keep you updated on what we’ve been doing to ensure the security of your systems since we first learned of the log4j vulnerability last week. RoundTable is continuing to monitor this situation closely and work with our partners to determine which systems are impacted and, if so, what action(s) need to be taken to secure these systems.

 

 

One of our partners, Datto, has provided us with a tool that helps with enumeration (discovery of assets potentially vulnerable to log4j) and mitigation. Our security team is working diligently to identify all impacted assets across all our customers as swiftly as we can.

Where possible, we are patching and restarting assets to mitigate the vulnerability without any customer action required.

If RoundTable contacts you to request a restart of one or more of your systems, please respond as soon as you are able. This will allow us to coordinate with you to ensure any disruptions to your services are understood and expected.

If you receive communications from one of your vendors informing you of action required on your part and you are not sure what to do, please contact us at (207) 370-4647 or open a support ticket via our online support page.

If you are not aware, or wish to learn more about the log4j vulnerability, here is a link to the most recent information from CISA (The Cybersecurity Infrastructure and Security Agency), but the basics are as follows:

What Happened: A 0-day exploit was released for log4j—a Java-based logging utility that's part of the Apache Logging Services project. It is used by millions of systems worldwide to process logs.

Impact: People are comparing this to Heartbleed, which had a significant impact, but log4j is potentially even worse since it has the possibility of allowing direct and immediate harm in the form of password/key extractions and RCE (Remote Code Execution).

Affected Systems: Still Developing, but here is a current list of known affected systems.

As always we are dedicated to your security, please contact us if you have any further questions or concerns.
log4j and the ER Cybersecurity Challenge for Nonprofits

log4j and the ER Cybersecurity Challenge for Nonprofits

Picture of Joshua Peskay Joshua Peskay : Jan 11, 2022 9:00:00 AM

As we head into 2022 with Delta and Omicron on our minds and cautious hopes that this will be the year we finally put this disruptive pandemic in our...

cybersecurity cyberattack
Read More
Update on Cybersecurity Concerns Related to Russia-Ukraine Conflict

Update on Cybersecurity Concerns Related to Russia-Ukraine Conflict

Picture of Joshua Peskay Joshua Peskay : Mar 23, 2022 10:11:32 AM

Approximately two weeks ago we provided guidance for organizations concerned about cyber threats stemming from the Russia-Ukraine conflict.

cybersecurity cyberattack incidence response
Read More
Avoiding Disaster: The LastPass Security Breach

Avoiding Disaster: The LastPass Security Breach

Picture of Shanna Utgard Shanna Utgard : Jan 3, 2023 3:00:00 PM

As of December 22, 2022, LastPass announced a recent cybersecurity incident and many RoundTable customers have asked what this means for them.

cybersecurity cyberattack incidence response
Read More