Log4j Exploit

As you may or may not be aware, there is a recent security incident involving a Critical Apache Zero-Day Vulnerability called Log4j discovered last Friday (details found on the NIST website). Nucleus has been working on the situation since Friday to ensure our clients are protected. Nucleus has confirmed all its internal systems are protected and NOT impacted by this vulnerability. 

We are proactively reviewing the list of vendors impacted by this vulnerability to determine which clients are impacted and we will reach out to you directly if there’s anything you need to do. Note, while most vendors do not have patches out yet, we are following their guidance of putting the workarounds in place and will patch appropriate systems once patches have been released.

For clients using our next-generation Managed Security Services (MDR), this threat is blocked and it is a good reminder for all clients to accelerate their transition to our recommended EPP/EDR (Endpoint Protection Platform + Endpoint Detection & Response) solution. Traditional Antivirus products are no longer adequate to combat threats like these as they wouldn’t have blocked Log4j.

If you have any further questions or concerns, please contact your CSM directly. We will be updating this blog post as things progress.