I am an IT Consultant with a bunch of clients in different verticals. And if you are an IT person like me probably, you might be looking for ways to detect vulnerabilities in your network or at your client’s infrastructure.
This evening of December 22nd, I am running Nessus over my client's infrastructure to make sure that things are working smoothly, and then I was planning to hit home. Things turned different when I saw that NESSUS found a copy of LOG4J in one of the NAS servers in the network.
My heart started pumping fast, and my fingers typed more quickly. Where are these files coming from? Why are they stored in a NAS server? Should they not be running on a server? Who put them in there?
After doing deep research on those files, I figured out that they came from a government agency. I won’t disclose which one.
I decided to send an email to that federal agency to alert them that there is one more app with the LOG4J vulnerability and that they might want to patch asap, and if end-users need them, they will need to have an updated version of that app.
Are you implementing any mechanism to isolate your company from the many vulnerabilities in the market? Having an inventory of your installed software and automated patch strategies could help you mitigate the risk of being exposed to a hack.
Acronis Cyber Protect has Advanced Management; IT Departments can spend less time juggling solutions and more time focusing on protecting their users’ data, applications, and systems. The add-on package enables automated patch management and easy work planning to reduce your administrative burden.
Stop more cyber threats for clients with fewer resources. The Advanced Security add-on extends the endpoint protection capabilities of Acronis Cyber Protect Cloud, enabling you to lower the risks for your clients with full-stack anti-malware protection and remediation services. Simplify deployment, configuration, and management tasks with advanced integration and automation.
If you are looking for help to remediate your business problems, do not hesitate to contact us, we can deploy Acronis Services all over the United States of North America.
To finish with my story, the copy of software that I found is not an active application running on my clients server. I just zipped and moved away to a secured backup location. I will be waiting for the Federal Agency to provide some information that could give us some light about this piece of software, and if there is anything that we might need to do.
Thank you for reading all the way down to here. Looks like my Christmas is not going to be in a cold data center, or behind the screen of a server. But close to a Christmas tree, family and hot chocolate.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.