On December 9, 2021, the Apache Log4j project’s GitHub publicly disclosed a high severity vulnerability that impacts Apache Log4j 2 versions 2.0 to 2.14.1.   The vulnerability allows for unauthenticated remote code execution on Log4j 2, an open-source Java logging library used as a dependency by numerous enterprise applications and cloud services.

Currently, there are reports of this vulnerability being exploited in the wild; primarily resulting in the deployment of crypto mining software. However, given the nature of the vulnerability, it’s possible it could be adopted by other threat actors, and we will provide further information and guidance in a subsequent Security Advisory should new information become available.

// What you should do 

If you are running Apache Log4j, you should immediately evaluate the patch linked below:

If patching is currently not an option:

  • Block JNDI from making requests to untrusted servers by setting ‘formatMsgNoLookups’ to ‘true’. The ‘formatMsgNoLookups’ property was added in version 2.10.0, per the JIRA Issue LOG4J2-2109 [1] that proposed it. Therefore the ‘formatMsgNoLookups=true’ mitigation strategy is available in version 2.10.0 and higher, but is no longer necessary with version 2.15.0, because it then becomes the default behaviour.

// What Simplify Security’s MTR is doing 

For customers with Simplify Security MTR:

  • The MTR team is actively evaluating the available proof-of-concept to ensure appropriate detection coverage is available
  • The MTR team will continue to monitor your estates leveraging the latest intelligence surrounding this vulnerability and should we identify anything of concern, our operators will escalate accordingly.

If you are a customer without MTR, please speak to your IT service provider to further understand the potential impact this may have in your business.

// References 

GitHub POC



Recent blog posts

We are becoming Amaru

We are becoming Amaru

The name Simplify Security doesn’t capture our mission enough. And as a result, we’re rebranding to Amaru. Bigger mission, same vision, same values, same purpose. When I started this business in 2019, I wanted to help organisations grow better with more innovative,...

What is OSINT and what are the benefits?

What is OSINT and what are the benefits?

Open-source intelligence (OSINT) is the practice of gathering, analyzing, and using information from publicly available sources. This can include data from websites, social media, news articles, government reports, and other sources that can be legally and ethically...