• CEPro_logo_blue-new
  • TOPICS
      • News
        • People & Places
        • Product Briefs
      • Projects
      • Events
      • Control
        • Central Vac
        • Energy/Power
        • HVAC/IAQ
        • Interfaces/Devices
        • Lighting
        • Motorized Shades
        • Whole House Systems
      • Audio/Video
        • Audio/Video
        • AV Accessories
        • AV Racks
        • Cabling
        • Displays
        • Furniture
        • Headphones
        • Home Theater
        • Media
        • Mounts/Lifts
        • Multiroom AV
        • Projectors/Screens
        • Speakers/Subwoofers
        • Wireless AV
      • Security
        • Access Control
        • Alarms/Sensors
        • Services/Platforms
        • Surveillance/Cameras
      • Business Support
        • Associations/Buying Groups
        • Cell Phone Boosters
        • Distributors/Reps
        • Operations
        • Recurring Revenue
        • Research
        • Sales/Marketing
        • Software Services
        • Tools/Testers
      • Networking
        • Cellular
        • Devices/Equipment
        • Wireless
        • Wired/Installation
      • Markets
        • Builders
        • Commercial
        • Design
        • Europe
        • Outdoors
        • Resimercial
        • Wellness
      • CE Pro Hub Pages
        • Bose
        • Savant
        • Inside Sound United
  • PRODUCTS
  • RESOURCES
    • Reports/Downloads
    • Buyer’s Guide
    • Webcasts
    • Podcasts
    • Integrator Jobs
    • Digital Edition
    • CE Pro-iQ
  • SUBSCRIBE
    • CEDIA SHOW UPDATES
    • CEPRO PRINT EDITION
    • CEPRO DIGITAL EDITION
    • CEPRO NEWSLETTERS
  • DISCOVER
    • CEDIA Expo
      • September 29 – October 1
        Dallas, TX
      • VISIT SITE
    • KBIS
      • February 8 – 10
        Orlando, FL
      • VISIT SITE
    • Total Tech Summit
      • October 26 – 28
        Orlando, FL
      • VISIT SITE
    • Commercial Integrator
      • VISIT SITE
    • Security Sales
      • VISIT SITE
    • Tech Decisions
      • VISIT SITE
    • Campus Safety
      • VISIT SITE
    • Design Well
      • VISIT SITE
    • KBB Online
      • VISIT SITE
    • AV-iQ
      • VISIT SITE
    • CE Pro-iQ
      • VISIT SITE
  • Search
  • TOPICS
    • News
      • People & Places
      • Product Briefs
    • Projects
    • Events
    • Control
      • Central Vac
      • Energy/Power
      • HVAC/IAQ
      • Interfaces/Devices
      • Lighting
      • Motorized Shades
      • Whole House Systems
    • Audio/Video
      • Audio/Video
      • AV Accessories
      • AV Racks
      • Cabling
      • Displays
      • Furniture
      • Headphones
      • Home Theater
      • Media
      • Mounts/Lifts
      • Multiroom AV
      • Projectors/Screens
      • Speakers/Subwoofers
      • Wireless AV
    • Security
      • Access Control
      • Alarms/Sensors
      • Services/Platforms
      • Surveillance/Cameras
    • Business Support
      • Associations/Buying Groups
      • Cell Phone Boosters
      • Distributors/Reps
      • Operations
      • Recurring Revenue
      • Research
      • Sales/Marketing
      • Software Services
      • Tools/Testers
    • Networking
      • Cellular
      • Devices/Equipment
      • Wireless
      • Wired/Installation
    • Markets
      • Builders
      • Commercial
      • Design
      • Europe
      • Outdoors
      • Resimercial
      • Wellness
    • CE Pro Hub Pages
      • Savant
      • Bose
      • Inside Sound United
  • PRODUCTS
  • RESOURCES
    • Reports/Downloads
    • Buyer’s Guide
    • Webcasts
    • Podcasts
    • Integrator Jobs
    • Digital Edition
    • CE Pro-IQ
  • SUBSCRIBE
    • CEPRO PRINT EDITION
    • CEPRO DIGITAL EDITION
    • CEPRO NEWSLETTERS
    • CEDIA SHOW UPDATES
  • DISCOVER
    • Cedia Expo
      VISIT SITE
    • Commercial Integrator
      VISIT SITE
    • Security Sales
      VISIT SITE
    • Tech Decisions
      VISIT SITE
    • Campus Safety
      VISIT SITE
    • Design Well
      VISIT SITE
    • Total Tech Summit
      VISIT SITE
    • KBB Online
      VISIT SITE
    • AV-iQ
    • CE Pro-iQ
M
POPULAR SEARCHES
News
Projects
Control
Audio Video
Security
Business Support
Markets
SUBSCRIBE CEDIA EXPO
Business Support | Security
January 6, 2022

Which AV Products Are Easy Targets For the Log4j Vulnerability?

The ongoing Log4j vulnerability has left a number of AV and IT products at risk, including many that commercial and residential integrators may use.
Zachary Comeau  
Article:
Business Support | Security
January 6, 2022

Which AV Products Are Easy Targets For the Log4j Vulnerability?

Multiple governments’ cyber agencies have released a long list of technology vendors and their products that are impacted by the Log4j vulnerability. They include the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Dutch National Cyber Security Centrum (NCSC).

The two agencies are maintaining running lists of vendors impacted by the vulnerability on their respective GitHub repositories. These lists includes the name of the vendor, the product impacted and information about security patches. There are also links back to the vendor’s security advisory.

As of Wednesday afternoon, the CISA repository listed more than 500 products from manufacturers. There are lists products that are affected, under investigation or not affected. Read more about CISA’s recommendations on this major issue here.

The NCSC has a much more comprehensive list of about 1,900 products and their vulnerability status. However, not all vendors listed have vulnerable products.

Both lists also offer information about workarounds and temporary mitigations while the solutions are patched.

Join Us At Total Tech Summit 2022

Total Tech Summit is where the integration industry elite gather. It's your chance to build rock solid industry connections to grow your firm and advance your career. We invite you to apply today for a free trip to join us in Orlando October 26-28, 2022. Apply now!

Prominent vendors are appearing on these lists. They include Cisco, VMWare, Amazon, IBM, Fortinet, Microsoft, Splunk, Sophos and Red Hat. Others of the largest enterprise technology providers in the world are present, too.

  • CISA repository: https://github.com/cisagov/log4j-affected-db
  • NCSC repository: https://github.com/NCSC-NL/log4shell/tree/main/software

Both of those resources list some AV-aligned vendors. However, we recommend also checking out this Reddit post.

In addition, individual manufacturer pages can provide more detailed information.

Widespread Exploitation Attempts

Because of the broad vulnerability across the entire IT ecosystem, coupled with the simplicity of this exploit, attackers have pounced at the opportunity to leverage this for a variety of purposes. Those include cryptojacking, ransomware and other attack methods.

According to cybersecurity provider Check Point, the company has seen an attempted exploit on 46% of global corporate networks The firm’s software has helped prevent over 1.8 million attempts to exploit the vulnerability.

What’s especially concerning, however, is that known threat actors are responsible for nearly half of those attempts. Those include perhaps nation-state actors and other sophisticated groups. Such groups typically have access to more resources and advanced tools.

Attacks leveraging this vulnerability have also rapidly escalated, with attacks nearly doubling between Dec. 11 and Dec. 13, according to Check Point’s data.


Related: Why Integrators Should Be Paying Attention to the Log4j Vulnerability

The global average of corporate networks being attacked via this vulnerability is about 46%. However, some countries have seen over 60% of corporate networks impacted.

What’s even more concerning is the type of organization being attacked. According to Check Point, at least 55% of internet service providers, managed service providers, value-added resellers and other third-party tech service providers have reported being attacked.

As is often the case, those kinds of organizations represent valuable hacking targets. The reason is they likely hold the keys to the networks of thousands of additional organizations.

Another Log4j Security Update

Apache quickly released Log4j version 2.15.0 in a security update to address the main vulnerability that was exposed last week. But the foundation this week released another update, 2.16.0. It addresses a remote denial-of-service vulnerability in certain non-default configurations.

Organizations are advised to apply the new update immediately.

According to The Apache Foundation, 2.15.0 restricts JNDI LDAP lookups to localhost by default. However, 2.16.0 disables access to JNDI by default and lookups now need to be enabled explicitly.

The update limits the protocols by default to only Java, LDAP and LDAPS. It also limits the LDAP protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed, the organization says in an advisory.


This article originally appeared on our sister publication Commercial Integrator‘s website.

ARTICLE TOPICS

Business Support • Security

ARTICLE TAGS

Cybersecurity

SHARE

Share On Facebook
Share On Twitter
Share On Linkedin
Share On Whatsapp
Share Via Email
Copy URL
← Previous Article Next Article →
Article Central VacNewsWellness

Amazon Acquires iRobot Roomba for $1.7B in Cash

Amazon adds iRobot's Roomba vacuum cleaner to its growing portfolio of smart home solutions including Ring, Fire TV and Echo smart speakers.
Article Amplifiers/ReceiversAudio/VideoAV AccessoriesAV RacksControlDesignFurnitureHome TheaterInterfaces/DevicesLightingMarketsMediaMotorized ShadesMultiroom AVNetworkingNewsProjectors/ScreensSpeakers/Subwoofers

SDI’s Audiophile-Centric Approach Reflects an Evolving Market 

SDI is helping Boston-area homeowners meet their home technology objectives without cluttering their homes with unsightly electronics.
Article Central VacNewsWellness

Amazon Acquires iRobot Roomba for $1.7B in Cash

Amazon adds iRobot's Roomba vacuum cleaner to its growing portfolio of smart home solutions including Ring, Fire TV and Echo smart speakers.
Article Devices/EquipmentNetworkingSecurityServices/PlatformsSponsored Content

Preventing Cyberattacks Before They Occur

guardDog’s ASM solution preemptively recognizes, exposes and shuts down cybersecurity threats before an attack can happen, and can help prevent it.

SHOW NEWSLETTER

Sign Up

CE Pro

Subscribe Sign Up

Content Types

News
Products
Projects
Companies
Downloads
Webcasts
Podcasts
Events

Specials

IntegratorJobs
CEDIA EXPO
CE Pro 100
CE Pro Summit
Awards Programs

Company Info

About
Contact Us
Customer Service
Media Solutions & Advertising

Subscribe

Magazine
Newsletters
Digital Edition

Connect

Twitter
Facebook
LinkedIn
YouTube
RSS Feed

Categories

AUDIO/VIDEO
AV Accessories
AV Racks
Amplifiers/Receivers
Cabling
Displays
Furniture
Mounts/Lifts
Multiroom AV
Projector Screens
Speakers/Subwoofers
Wireless AV
CONTROL
Central Vac
Energy/Power
Interfaces/Devices
HVAC/IAQ
Lighting
Motorized Shades
Whole-House Systems
NETWORKING
Cellular
Devices/Equipment
Wireless
Wiring/Installation
SECURITY
Access Control
Alarms/Sensors
Services/Platforms
Surveillance Cameras
BUSINESS SUPPORT
Associations/Buying Groups
Distributors/Reps
Operations
Recurring Revenue
Research
Sales/Marketing
Software/Services
Tools/Testers
MARKETS
Builders
Commercial
Design
Europe
Outdoors
Wellness
FOLLOW US ON
  • Follow
  • Follow
  • Follow
  • Follow
  • Follow

© 2021 Emerald X, LLC. All Rights Reserved.

  • ABOUT
  • CAREERS
  • TERMS OF USE
  • PRIVACY POLICY