GroupSense's CTO, Adam Bregenzer, and Cybersecurity and Infrastructure Security Agency's Senior Advisor, Beau Woods, have developed a new open-source search tool to help cybersecurity professionals navigate the ever-growing list of software products impacted by Log4j. "Beau and I wanted to make the vast list of software organizations sortable and searchable. By default it's just a very large web page," Adam Bregenzer.
According to SC Media, "Woods, a fellow with the Atlantic Council’s Cyber Statecraft Initiative who also acts as an advisor to CISA on cybersecurity issues, told SC Media that the repository remains a great resource, but one that has become progressively harder to use as defenders continued to scope out the impact across the broader IT ecosystem.
'Pretty quickly the list started getting really, really big because of the research agencies were doing…and CISA was doing. Once it crossed 1000 individual affected products, that got pretty unwieldy to go through manually to search, there were limitations on how many lines GitHub can display,' Woods explained. 'I kind of looked at that and said there’s got to be an easier way, there’s probably some really quick code that could be written to parse this…into a more elegant, tabular form that can hold all of the rows that are created.'
Woods said the search index tool was part of a personal project that he and Bregenzer undertook to help improve the searchability of the database and is not an official CISA project, though a link to the tool has been added to CISA’s GitHub page for Log4j."
We are very proud to have Adam on the GroupSense team and celebrate his dedication to cyber security professionals.
GroupSense performed a deep and dark web investigation into the critical remote code execution (RCE) zero-day impacting the Apache Java-based logging utility Log4j (CVE-2021-44228). This high severity vulnerability is already being actively exploited in the wild, per numerous public reports. The attack vector is extremely trivial for threat actors to exploit, requiring only a single string of code, and impacts software products from numerous vendors. The US Cybersecurity and Infrastructure Security Agency is maintaining an updated list of affected vendors.
GroupSense has observed extensive discussion among threat actors regarding the log4j/Log4Shell vulnerability.