By Need

Optimize IT Environments for Cost, Efficiency, and Security

Managed solutions that lower TCO while increasing your ROI

Security Programs

Enterprise wide security programs & zero trust

Hybrid Cloud Environments

Secure, scalable, and optimized

Modern Networks

The crucial foundation of business

Anytime Secure Access

Combining productivity and security

Innovation Velocity

Improved developer experiences

Managed Carrier Services

High performance and cost effective

Staff Augmentation

Strategic IT talent on-demand

View All Needs

By Industry

Finance & Banking

Stay ahead of today’s rapid change

Healthcare & Life Sciences

Improve lives with modern solutions

Business Services

Create efficiencies for sustained success

Public Sector

Serve the community with technology

Manufacturing

Unlock efficiencies for Industry 4.0

Retail

Get closer to customers

View All Industries

By Function

IT & Operations

Support your strategic vision

Engineering & Development

Enhance your developer experience

Finance & Procurement

Optimize for cost and security

Product Management

Make your vision a reality

HR

Focus on your people

View All Functional Areas
Managed Services

Remove the complexity of daily IT maintenance and focus on business growth

Cybersecurity & Risk Management

Secure business processes without sacrificing employee productivity

Cloud

Accelerate digital transformation while optimizing for cost

Carrier Services

Simplify and centralize complex business communication systems

Modern Workspace

Empower employees to work from anywhere on any device

Networking

Connect traditional environments to new secure cloud possibilities

Datacenter Modernization

Adapt to a hyperscaled cloud-first IT environment

Resource Management

Find the talent to drive your critical initiatives forward with confidence

View All Services

Learn

Knowledge Center
Events & Webinars
Blog
News

FEatured Resource

Cybersecurity & Risk Management 9 min read

Protecting the Digital Break Room: Collaboration Security for Microsoft Teams

By Jeremy Bello
Partners

Company

About Blue Mantis
News
Leadership
Awards
Philanthropy
Careers

FEatured News

4 min read

A Year of Transformation Produces Strong Tailwinds for Blue Mantis in 2024

By Josh Dinneen
Let’s Meet
All Blog Posts
Datacenter Modernization

New Zero-Day Vulnerability Apache Log4Shell

By GreenPages December 14, 2021

What We Know
A new critical zero-day vulnerability has been detected, is widely distributed, and is easily exploitable, allowing attackers to gain full control over affected servers. The vulnerability was identified within Apache Log4j 2, an open-source Java package used to enable logging in many popular applications. The issue can allow remote access to your computer through public servers you access running the Apache Log4j Java-based logging library.

This vulnerability (CVE-2021-44228) has received the maximum severity rating of 10 on the Common Vulnerability Scoring System scale and has been dubbed as “Log4Shell.” This critical vulnerability has already been targeted in the wild. It can be deployed against anything from enterprise software to web apps and products from Apple, Amazon, Cloudflare, Twitter, and Steam. These efforts will continue and expand so addressing the vulnerability as soon as possible is critical.For remediating this vulnerability, the Apache Software Foundation (ASF) says that “this behavior can be mitigated by setting system property ‘log4j2.formatMsgNoLookups’ to ‘true’ or by removing the JndiLookup class from the classpath.” Updating the log4j-core.jar to version 2.15.0, which was released on Saturday, fixes the problem: https://logging.apache.org/log4j/2.x/security.html

GreenPages will continue to monitor and provide further updates on remediation efforts for this critical vulnerability.

Here are additional resources for further insight:

https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/

https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/

GreenPages stands ready to help you mitigate the above vulnerability and other risks. At present we recommend:

  • Following the remediation recommendations provided here immediately:  https://logging.apache.org/log4j/2.x/security.html

  • Implementing strong passwords and enabling Multi-factor Authentication (MFA)

  • Understanding your network environment and having strong asset and change management disciplines and governance

  • Developing a strong patch and vulnerability management program and keeping all systems and network devices up-to-date

  • Implementing modern security monitoring techniques including MDR, XDR, and SOC/SIEM services

If you need help with this security threat, please reach out to your GreenPages Account Manager!

Recent Blog Posts

View All Posts
Cybersecurity & Risk Management 6 min read

The CrowdStrike Incident and Windows Crash: What to do and How to fix it

By Pete Harris
Managed Services 6 min read

Focus on Growth with Blue Mantis Managed Services

By Geoff Smith
Carrier Services 7 min read

3 Reasons Why Your Business Needs 5G-Connected Laptops

By Kurt Karshick