Cloud-based software and security solutions provider, Datto introduced a purpose-built solution to help MSPs to combat Log4j vulnerability. Datto encourages MSPs to download the free script currently available on GitHub for any Remote Monitoring and Management solution. The tool can enumerate potentially vulnerable systems, detect intrusion attempts, and inoculate Windows systems against Log4j attacks.
RMM Endpoint Assessment
Datto stated that, unlike other Log4Shell tools, which can only scan the system for JAR files, Datto’s tool also allows users to search the contents of server logs to detect intrusion attempts and inoculate Windows systems against Log4j attacks.
Datto released two versions of an Endpoint Assessment Tool in an MSP-friendly form to help its partners and all MSPs. Almost 50% of all Datto RMM partners have utilized the adoption of the component created for Datto RMM, which represents millions of scans of endpoints by MSPs for vulnerabilities at client sites. Ryan Weeks, Chief Information Security Officer of Datto said,
« The adoption rate of the Datto RMM component tool has been tremendous, with half our Datto RMM partner base utilizing it to scan protected endpoints. I’m hearing from partners that they finally feel empowered to respond to this emerging threat with this tool. From a community defense perspective, we want to make effective response tools broadly available to help every MSP in the channel to become more secure and to withstand cyber attacks. It is a chief priority at this time to encourage all MSPs to take advantage of the tools we’ve made available in Datto RMM and on GitHub to protect themselves and their clients. RMMs offer a key systems inventory and response capability that makes it easy to view, manage, and secure your endpoints during critical events. »
- VMware vCenter Server is targetted by hackers via Log4j flaws
- Two new vulnerabilities are found on Log4j, only one of them is fixed yet
- CISA published an emergency directive for Log4j
- Google joining the war against Log4j exploits
- Hackers exploit Log4j to inject Monero miners, shifting from LDAP to RMI
- A third, new Apache Log4j vulnerability is discovered
- How to scan your server to detect Log4j (Log4Shell) vulnerability
- The Log4j flaw is patched but it is still vulnerable
- CISA published Log4j vulnerability guidance
- Zero-day Apache Log4j RCE vulnerability (Log4Shell) is being exploited