Top Middle East Cyber Threats – 10 January 2022
At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.
In this blog, we share the top cybersecurity threat our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:
Apache Addresses Remote Code Execution Vulnerability – CVE-2021-44832
Apache has released Log4j version 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832.
For this vulnerability to work, attackers must have permission to modify the logging configuration file to construct a malicious configuration.
Although it might not be useful for external threat actors, this vulnerability can be used in red teaming activities or in later stages in the attack lifecycle such as privilege escalations.
In December 2021, Apache addressed critical vulnerability CVE-2021-44228 with CVSS score of 10/10. For more details, click here.
RECOMMENDATIONS
- Upgrade to the latest release 2.17.1 https://logging.apache.org/log4j/2.x/download.html.
Reference:
