Just when we thought we were through the significant bits of the Log4j issues, a new problem appeared this past weekend. The good news is that a lot of smart people are looking at the issues: researchers are doing their best to find any faults, and the Apache team is doing a great job of rolling out updates.
Since 10 December 2021, we’ve been staying on top of everything Log4j. We brought you a blog and podcast on the initial vulnerability, CVE-2021-44228, and an update on the second vulnerability, CVE-2021-45046. While we were all really hoping that was it, there is now a third vulnerability, CVE-2021-45105, which came to light on 17 December 2021.
The latest vulnerability, which can be fixed by updating to version 2.17.0, as detailed here, is the result of a flaw in how input could be used maliciously to create a stack overflow error that causes denial of service. There are very specific criteria for this one, and we’ve published an intelligence update for our customers with the latest findings.
Researchers discovered that flaws in how context lookups work within Log4j created the right conditions for denial of service. In the latest update from Apache, users of Apache Log4j on Java 8 or later should update their installations to version 2.17.0. As of the time of writing, there is no impact to 1.x versions of Log4j. According to Apache’s guidance, other versions of Log4 projects are not affected, and the issue can also be mitigated by updating the context lookup functionality. Research from Zero Day Initiative indicates that the best mitigation for those with affected versions is to update to the latest version.
The initial vulnerability, CVE-2021-44228 (known as Log4Shell), is already under active exploitation, so if you’re running anything between versions 2.10 and 2.14, you should start looking into updating as soon as possible to the latest version. According to the latest from Bleeping Computer, the Conti ransomware group is already using it to attack VMware applications, focusing on internal networks, which often get overlooked or underprioritized compared to externally-facing devices. Conti has typically shown proficiency with getting into networks using a variety of attacks and is now using Log4Shell to move during the post-exploitation phases, namely lateral movement.
In addition to Conti, the previously little-known Khonsari ransomware group gained its recent notoriety by being among the first to exploit Log4Shell. Here at Digital Shadows (now ReliaQuest), we’ve seen plenty of cases where various actors share exploits and advice on forums, and based on the chatter, there are plenty of others who are interested. Since it is somewhat complicated to discover vulnerable assets and roll out patches, criminal groups (and likely nation-states) are banking on this and subsequent vulnerabilities keeping networks open for a time.
The US CISA has also advised all US federal agencies to patch immediately and report anything and everything related to vulnerable infrastructure or applications, as detailed here.
One last callout here, from Google, should be noted. Their ongoing research into this vulnerability indicates that finding the dependencies between various packages and applications will be difficult. Google’s research has shown that there are over 35,000 Java packages impacted in some way by Log4j.
Jake Williams, CTO at BreachQuest, highlighted a key thought in The Hacker News: “There will likely be some time before we understand the full fallout of the log4j vulnerability, but only because it’s embedded in so much software. This has nothing to do with threat actor malware. It has to do with the difficulty in finding the myriad places the library is embedded. The vulnerability itself will provide initial access for threat actors who will later perform privilege escalation and lateral movement – that’s where the real risk is.”
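One way to find embedded copies of the library, as an added example that is not from the original post or from Apache: the sketch below walks JAR/WAR/EAR archives, including archives nested inside them, and reads the version from the Maven metadata that log4j-core ships, flagging 2.x copies older than the 2.17.0 release mentioned above. The function names, the nesting limit of 5, and the sample archives are assumptions made for the example.

```python
import io
import os
import re
import zipfile

# Maven metadata that log4j-core ships inside its own JAR.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear", ".zip")
FIXED = (2, 17, 0)  # release the article says to update to (Java 8 or later)

def parse_version(props):
    """Numeric (major, minor, patch) from pom.properties text, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", props, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label, depth=0):
    """Yield (location, version, needs_update) for every log4j-core 2.x copy."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not an archive after all: nothing to report
    with zf:
        for name in zf.namelist():
            if name.endswith(POM_PROPS):
                ver = parse_version(zf.read(name).decode("utf-8", "replace"))
                if ver and ver[0] == 2:  # 1.x is not impacted per the article
                    yield label, ver, ver < FIXED
            elif name.lower().endswith(ARCHIVES) and depth < 5:  # assumed limit
                yield from scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)

def scan_tree(root):  # walk a directory and scan each archive found on disk
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVES):
                with open(os.path.join(dirpath, fn), "rb") as fh:
                    yield from scan_archive(fh.read(), fh.name)

def make_jar(entries):  # builds a constructed in-memory archive for demo()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():  # constructed sample: a fat JAR bundling one old and one fixed copy
    old = make_jar({POM_PROPS: "artifactId=log4j-core\nversion=2.14.1\n"})
    new = make_jar({POM_PROPS: "artifactId=log4j-core\nversion=2.17.0\n"})
    fat = make_jar({"BOOT-INF/lib/logging.jar": old, "BOOT-INF/lib/patched.jar": new})
    return list(scan_archive(fat, "app.jar"))
```

Copies repackaged without their Maven metadata will not be found this way, so treat an empty result as "none detected by this method" rather than proof of absence.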
We definitely want to send good vibes to the researchers bringing us the good stuff, the IT teams out there working on patching and mitigations, and the security teams keeping the wolves at bay. We thought the year would end quietly, but fate had another idea. While this probably couldn’t have happened at a worse time, as we said before, there are a lot of great minds trying to solve the problem. We will continue to monitor both the dark web and open media reporting to hopefully bring more context and understanding to the Log4j problems as they arise.
If you are a Digital Shadows (now ReliaQuest) customer, we will continue to publish updates as needed and hopefully bring some clarity to all of this, as shown below. For those on the front lines, we hope you get time to rest, reset, and hopefully make it through the holidays in one piece.