Understand, manage and take control of your organisation’s cyber risks simply, quickly and cost effectively.
Sell and renew more cyber insurance policies, and keep your clients happy with our tools and support.
Make better underwriting decisions by removing complexity and accessing instant insight into cyber risk exposure.
Get a clear, easy-to-understand view of cyber vulnerabilities and deliver real results for your clients.
Get a clear, easy-to-understand view of portfolio cyber risk vulnerabilities and minimise investment risk exposure.
Understand, manage and take control of your organisation’s cyber risks simply, quickly and cost effectively.
Sell and renew more cyber insurance policies, and keep your clients happy with our tools and support.
Make better underwriting decisions by removing complexity and accessing instant insight into cyber risk exposure.
Get a clear, easy-to-understand view of cyber vulnerabilities and deliver real results for your clients.
Get a clear, easy-to-understand view of portfolio cyber risk vulnerabilities and minimise investment risk exposure.
By KYND
Billed as possibly the ‘single biggest, most critical vulnerability of the last decade’ the Log4Shell vulnerability has put millions of computers at risk of being taken over by hackers. In our blog post, KYND explains the issue and how we can help.
*Update Dec 20 2021:
The Apache Software Foundation (ASF) has now disclosed a third vulnerability in Log4j which is capable of Denial of Service and Remote Code Execution. This issue affects all versions from 2.0-beta9 to 2.16.0. We would highly advise you to patch to
Log4j 2.17.0${ctx:loginId}or $${ctx:loginId}(%X, %mdc, or %MDC)${ctx:loginId}$${ctx:loginId}ASF has further noted that Log4j versions 1.x have reached end of life and are no longer supported.
*Update Dec 15 2021:
A second Log4j vulnerability has been disclosed after the patch to fix the initial Log4Shell exploit was deemed as incomplete. We would advise you to patch to Log4j 2.12.2 or Log4j 2.16.0 to close this new issue, if this isn't possible immediately then you should consider disabling JNDI as an alternative measure.
On Friday 10th December, a critical zero-day exploit was discovered in a popular Java library called Log4j; The library is widely adopted and used in many commercial and open-source software products as a logging framework. The vulnerability CVE-2021-44228 is critical, since attackers can exploit it to execute code and grant themselves privileged access to systems.
The scope and breadth of this critical exploit are exceptionally broad and far reaching due to Log4j’s ubiquitous usage. It can affect any software, services, or components that use an affected version of Log4j. A non-exhaustive list of vulnerable software has been published, and is being maintained by NCSC-NL here.
The range of possible exploit mechanisms is vast, and trivial to execute. To demonstrate how widespread and easy it is to exploit - there are reports of people being able to trigger the exploit through simple web forms, Twitter handles, and even through Minecraft’s chat functionality.
The exploit code for attackers to insert has been made publicly available and so malicious users are actively attempting to exploit this against victims.
Sophos has already detected hundreds of thousands of attempts since December 9 to remotely execute code using this vulnerability, and log searches by other organizations (including Cloudflare) suggest the vulnerability may have been openly exploited for weeks. 11/16 pic.twitter.com/dbAXG5WdZ8
— SophosLabs (@SophosLabs) December 13, 2021
As this is a severe vulnerability under active exploitation, we recommend acting with urgency to patch and update any vulnerable instance of Log4j to Log4j-2.15.0. We expect this to be a time-consuming task due to the ubiquitous usage of the Log4j library and would advise using the NCSC-NL list as a starting point. We would additionally recommend evaluating logs for any intrusions and a review of network security.
Since the discovery of the Log4j vulnerability, we have been busy at work testing and implementing a detection capability for this new vulnerability. We are now directly testing externally-facing services for evidence of this vulnerability on behalf of our customers and partners.
If you would like KYND to help your organisation please contact us.
CVE-2021-44228 affects Log4j between versions 2.0 and 2.14.1.
If patching/upgrading isn't immediately possible you can mitigate the vulnerability:
For version >=2.10: set log4j2.formatMsgNoLookups to true
For releases from 2.0 to 2.10.0: you may want to remove the LDAP class from log4j completely by issuing the following command: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
For certain JVM Versions, it is possible to set com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase to false to mitigate the vulnerability. Some JVM versions already have this as default setting
You may check for exploitation attempts in your logs using the following:
Web server Linux/Unix command - sudo egrep -i -r '\$\{jndi:(ldap[s]?|rmi|dns):/[^\n]+' /var/log/
Searching network logs for - jndi:ldap or /Basic/Command/Base64/
PRESS RELEASE: KYND and Intelligent Insurer survey delves into key insights shaping the dynamic US cyber insurance market
PRESS RELEASE: KYND introduces next level Exposure Management for insurers to tackle cyber accumulation risk
PRESS RELEASE: Probitas 1492 selects KYND to enhance portfolio cyber exposure modelling and boost profitable growth
Accreditation & Features
