

In addition, S2W's CTI solution "Xarvis" is updating information related to this vulnerability collected from various channels, and related IoCs (Indicators of Compromise) are also continuously posted. S2W has been quickly sharing related information on S2Gether, a separate information delivery channel for its customers, since the vulnerability was recognized.

S2W emphasized that more than 150 services, including Tomcat, Minecraft, Redis, Apache Struts, Apache Solr, Apache Druid, Apache Flink, Apache Dubbo, ElasticSearch, Flume, Logstash, Kafka, and Spring-Boot-starter-log4j2, are affected by the CVE-2021-44228 vulnerability, and that special attention is needed. S2W's 'Logs of Log4shell (CVE-2021-44228) Report' carefully selects and introduces a variety of domestic and foreign Log4j-related vulnerability detection tools, including tools to check for the vulnerability across multiple sites remotely.

S2W also stressed that domestic and foreign conferences and security vendors should continue to check and internalize reports and intelligence related to malware periodically. If simultaneous measures for the entire system are difficult due to security threats, sequential measures are required, which must precede classification of internal assets such as customer systems and externally accessible employee work sites and identification of services in use. Thereafter, a system capable of providing an automated notification when a vulnerability in open-source software used internally is disclosed is also needed. S2W pointed out that it is necessary to understand the current in-house usage of open-source software, including Log4j, to cope with overall security vulnerabilities.

Kyoung-ju Kwak, Director of CTI at S2W, said, "According to our CTI group analysis, malware distribution such as cryptominer, botnet, and ransomware using Log4j-related vulnerabilities is actively taking place, and indiscriminate attacks on unpatched systems have already begun." He also expressed concern, saying, "The CVE-2021-44228 affects not only the Apache server, but also all servers and services using log4j regardless of the type of server." Malware that has already exploited the vulnerabilities has been actively distributed on the Dark Web since December 10.

17, 2021 /PRNewswire/ - Data intelligence company S2W recently released an analysis report on Logs of Log4shell (CVE-2021-44228) and introduced countermeasures.
