• Latest
  • Trending
5 Minutes With: Erka Koivunen, CISO at F-Secure

5 Minutes With: Erka Koivunen, CISO at F-Secure

January 3, 2022
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
Airtel Africa Purchases $42M Worth of Additional Spectrum

Airtel Africa Purchases $42M Worth of Additional Spectrum

July 15, 2022
Huawei steps up drive for Kenyan talent

Huawei steps up drive for Kenyan talent

July 15, 2022
TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

July 15, 2022
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
Top 10 apps built and managed in Ghana

Top 10 apps built and managed in Ghana

July 15, 2022
MTN Group to Host the 2nd Edition of the MoMo API Hackathon

MTN Group to Host the 2nd Edition of the MoMo API Hackathon

July 15, 2022
KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Wednesday, 8 February, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

5 Minutes With: Erka Koivunen, CISO at F-Secure

by ITECHNEWS
January 3, 2022
in Leading Stories, Tech
0 0
0
5 Minutes With: Erka Koivunen, CISO at F-Secure

YOU MAY ALSO LIKE

Inaugural AfCFTA Conference on Women and Youth in Trade

Instagram fined €405m over children’s data privacy

Erka Koivunen, F-Secure’s CISO, spoke to Technology Magazine about the Log4j vulnerability and how people can protect themselves

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. We spoke to Erka Koivunen, CISO at F-Secure, to see how people can protect themselves.

What is the Log4j vulnerability?

It is a vulnerability in the widely used Log4j tool. This is used by many software vendors and service providers globally as a standardised way of creating log files within the software.

The vulnerability allows an attacker to cause the target system to fetch and execute code from a remote location controlled by the attacker. The second stage – what the downloaded malicious code does next – is fully up to the attacker. The vulnerability can also be exploited to exfiltrate certain information such as environmental variables from the target system.

The original intention of the Log4j tool was to dutifully watch the event flow and write down log files. That should have been the end of the story. It should not meddle with the data, trigger any actions or download remotely connectable shells that would give a remote attacker a command line to the server. But in 2013, someone decided that the tool should be augmented.

 

What devices and applications are at risk?

It is probably easier to find an app that doesn’t use the Log4j tool than find one that does. This omnipresence means attackers can search for vulnerabilities almost anywhere. End-users have no way to tell if an app or a service they use is using Log4j somewhere, as part of the data flow and execution chain. The effects may manifest deep in the service provider’s infrastructure in ways that are not always apparent nor easy to predict.

Everybody around the world using the software immediately became affected by this malicious code when the cat was let out of the bag last week, and how to exploit this vulnerability became public knowledge. All internet-facing services and all those collecting telemetry became affected, but the activation of this vulnerability doesn’t happen on the front-end services you interact with. The poison goes down the plumbing deep inside the Service Provider’s backend where it starts to detonate and infect.

It is worth noting that there is not a single valid use-case for the vulnerable lookup function that the attackers are now salivating on. It is like an appendix in a human (or an animal) body; we all have one but would actually be better off without.

 

How can you protect yourself from it?

The strange thing about the vulnerability is that it’s hard to find, but easy to fix.

F-Secure has created a deployable security patch for this vulnerability for F-Secure products, but for SaaS components it is the service provider whose job it is to fix and deploy the patch. However, some users may have set the system so that they apply the patches manually. But there are a huge number of other items to be concerned about.

An up-to-date and complete SBOM (for software companies) and CMDB (for IT management) would go a long way in identifying which systems to focus attention on. It is notoriously difficult to find out how various functionalities in software have been implemented.

Logfiles may help in detecting an attack. A successful and carefully executed exploitation of the vulnerability may be remarkably nondescript. So, it is recommended to a) Look for signs of IoCs available in public, but also focus on b) missing logs (are there unexplained gaps in a timeline) or c) entries that stand out as unusual. C will be the hardest to notice unless you already have a solid habit of analysing the logs and know what normal looks like.

Organisations must take the following steps to help protect themselves from the vulnerability:

  1. Restrict outbound network access from affected systems where the Log4j component is present or limit it to trusted sites. If your system cannot connect to the Internet to fetch the malicious code, the attack will fail.
  2. Disable the vulnerable lookup functionality.
  3. Check regularly with vendors to see if there is information on patches and other mitigations related to vulnerabilities.
  4. Check your systems daily for updates and apply any available as soon as possible.
  5. Subscribe to reputable Security Bulletins.
Source: Erka Koivunen ,CISO at F-Secure
Tags: CISOF-Secure
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022

Recent News

  • Inaugural AfCFTA Conference on Women and Youth in Trade September 6, 2022
  • Instagram fined €405m over children’s data privacy September 6, 2022
  • 5.7bn data entries found exposed on Chinese VPN August 18, 2022
  • Fibre optic interconnection linking Cameroon and Congo now operational July 15, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version