Sangfor Invited by the Cyber and Data Security Society Macau CDSS to Share Its Latest Research on Apache Log4j2
Recently, the Macau Cybersecurity Incident Alert and Response Centre (CARIC) issued an announcement on the remote code execution vulnerability in Apache Log4j2, informing various government departments and public institutions that the situation is urgent.
Feng Jinsong, the vice-chairman of the Macau Cyber and Data Security Society (CDSS), said that in recent years, the number of attacks on local enterprises has been increasing, with attacks targeting not only operating systems but also Internet of Things (IoT) devices. Network attacks occur frequently, and much user data is stolen by hackers, or even published or sold online. The increasingly severe network security threats and offensives show that ensuring network security is more than important to enterprise operations.
Mr. Feng said that due to the recursive parsing function of Apache Log4j2, attackers can use this vulnerability to construct malicious data for remote code execution attacks without authorization, and finally obtain the highest permission on the server. To help enterprises better understand and deal with the Apache Log4j2 vulnerability, the scientific research and social concern group of CDSS held a seminar and invited Sangfor security expert Edmond Ho to share Sangfor's analysis and research on this vulnerability. The Sangfor security team detected a remote code execution vulnerability in the Apache Log4j2 component and successfully reproduced the vulnerability. According to the interception data of Sangfor Neural-X, there are more than 3,000 attacks exploiting vulnerabilities in just one hour, and the number of attacks is growing very fast. Industries including education, government, and manufacturing are the most vulnerable to this exploit attack. Without effective maintenance, there will be a huge impact on businesses and the public.
Sangfor, as the technical support unit of Macau Cyber and Data Security Society, will continuously help government customers to deal with the vulnerability with Sangfor Emergency Incident Response and mitigation methods.
Asset management is critical to identify and categorize the business risk of potential target servers. Sangfor Endpoint Secure can assist users who have a great number of host, system, and application assets that need categorization. Users can quickly sort host assets (operating system, middleware, application software) using the Endpoint Secure Asset Management capabilities without requiring updates to software versions. Endpoint Secure can quickly locate and identify high-risk versions of Apache Log4j2, evaluate high-risk middleware and applications, and assess the population of affected servers.
The Sangfor Cyber Command network detection and response (NDR) platform updates its vulnerability threat detection models using Neural-X data as soon as a vulnerability is discovered and reported. Cyber Command can accurately locate any affected assets and evaluate their repair priority, quickly converge on the exposed attack surface, and directly trace back the exploits that have occurred.
Sangfor also provides Incident Response and Assessment services to help organizations build full visibility of their entire network and quickly determine whether they are at risk of attack or are already suffering attacks exploiting the Apache Log4j2 vulnerability.
About Macau Cyber and Data Security Society
Macau Cyber and Data Security Society (CDSS) is a non-profit organization that has always been concerned about the cyber security of business enterprises. It continues to hold relevant seminars to improve the understanding of local enterprises in related fields and to help enterprises adapt to their information technology systems, enhance network security accordingly, and keep business running smoothly.
About Sangfor Technologies Inc.
Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure and security solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor's Security solutions and how Sangfor makes each user’s digital transformation easier and more secure.