In the past few days, information security specialists worldwide have been working on detection methods for Log4j. Unfortunately, Log4j is not easy to detect and therefore these detection methods do not always work.
The scanners of the Guardian360 Lighthouse platform have been updated with automated Log4j scanners. We've seen the first results appear in the Guardian360 Lighthouse platform already.
Although this is good news, we want to emphasize that it is not yet possible to (automatically) detect all Log4j issues. There is also a big chance that there is still a lot of software of which we do not even know of that has this vulnerability included. In the coming days and weeks we will therefore keep updating our scanners, we would like to ask you to keep looking for vulnerable systems in other ways as well.
The same goes for proposed mitigation methods. In the past week it has become clear that some mitigations work in some cases and not in others. We would therefore like to ask you to remain critical and to test properly whether a mitigation has solved the vulnerability.
On behalf of the Guardian360 team, Kind regards,
Jan Martijn Broekhof Managing Director
When you don't like to receive our emails please unsubscribe
Guardian360
Orteliuslaan 1000
3528 BD Utrecht
Nederland
