Share
Preview
In this email we want to give you an update on the actions we have taken in the past days. We also share some advice on how to act yourself.
 ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌
Guardian360
Dear ,

No doubt you've already heard about the major vulnerabilities found in the Log4j code provided with Apache (CVE-2021-44228). Through this vulnerability, malicious actors could potentially gain access to IT environments.

In this email we would like to give you an update on the actions we have taken in the past days. We also share some advice on how to act yourself.

Last Friday night, our scanners scanned the scan scopes within the Guardian360 Lighthouse platform. Saturday morning there where no Log4j issues detected yet. Nevertheless, we contacted a number of partners we know of having Apache servers online.

Sunday morning we held consultations with the Dutch National Cyber Security Centre (NCSC) and some 70 leading Dutch information security professionals. During that consultation, it became clear that, fortunately, there were no incidents as a result of the Log4j vulnerability yet. Nevertheless, a high state of preparedness is essential because it is expected that more and more vulnerable systems will be discovered in the coming days.

At this time, the Log4j vulnerability cannot be properly detected by automated means. We are using several vulnerability scanners and know that their developers are working on several updates. However, the issue is not easy to detect (automatically), also because the Log4j code is embedded in a lot of software. In the period ahead it will become increasingly clear which software is involved and, where possible, which additional scanners can be developed.

For the time being, the Guardian360 Lighthouse platform does not appear to be vulnerable to this vulnerability. We do not use Apache and Java in our platform, probes and hacker alert appliances.

Guardian360 is still investigating whether there are other systems within our own IT-environment that may be vulnerable. We will keep a close eye on updates from the community. The same applies to our suppliers; we're investigating if they are vulnerable.

The Dutch NCSC maintains an overview of vulnerable Log4j applications on GitHub and has also published a number of steps to be taken. The list will be updated continuously in the coming days, as numerous applications use Apache Log4j: https://github.com/NCSC-NL/log4shell.

On behalf of the Guardian360 team,
Kind regards,

Jan Martijn Broekhof
Managing Director
When you don't like to receive our emails please unsubscribe
 
Guardian360
Orteliuslaan 1000
3528 BD Utrecht
Nederland


Email Marketing door ActiveCampaign