Microsoft Azure Sentinel Gains Log4j Exploit Tracking Capability
Cyber security companies and software developers are currently grappling with exploitation of a Log4j vulnerability that could cause massive damage. Known as Log4Shell, the flaw puts organizations at risk and could affect hundreds of millions of machines. Microsoft says it has updated Azure Sentinel, which can now detect, monitor and investigate exploits related to the Log4j flaw.
If you are not familiar with Azure Sentinel, it works in Azure environments to provide a “cloud-native security information and event management (SIEM) tool.” Launched in 2019, it collects huge amounts of data from cloud-based services, such as third-party Office 365 offerings.
Sentinel is a paid service within the Azure ecosystem and customers work directly with Microsoft by sending security logs to the company. Microsoft analyzes the data to find security vulnerabilities.
In a blog post, Microsoft explains how Sentinel will now discover instances of Log4Shell, allowing users to pass the information to Microsoft for investigation:
“A new Microsoft Sentinel solution has been added to the Content Hub that provides content to monitor, detect and investigate signals related to the exploitation of the recently disclosed Log4j vulnerability.”
Microsoft initially announced that it was tracking an active exploit of a Log4j vulnerability earlier this month and that it has the potential to infect millions of systems. Log4Shell is considered a critical flaw in the open source logging library. Because Log4j is common in cloud services, the potential for this exploit to be dangerous is high.
The company later said state-sponsored groups were also actively using the exploit. Log4j versions 2.0 to 2.14.1 contain a vulnerability that allows attackers to carry out remote code execution attacks. If successful, the attack leaves the threat actor in control of the device. The Apache Software Foundation has released version 2.15.0 to correct the flaw.
However, for now, there are potentially millions of systems that have not been updated and remain at risk.