Cybersecurity experts have identified a security flaw in Log4j, a Java library for logging error messages in applications, which could allow hackers unfettered access to corporate computer systems. This discovery has prompted urgent warnings from both America’s Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Center. According to NCSC, an application is vulnerable “if it consumes untrusted user input and passes this to a vulnerable version of the Log4j logging library.”
What You Can Do
Identify internet-facing devices running Log4j and upgrade them to version 2.15.0, or apply the mitigations provided by vendors ASAP. Also, set up alerts for probes or attacks on devices running Log4j. Vendors with popular products known to be still vulnerable include Atlassian, Amazon, Microsoft Microsoft Azure is an industry-leading cloud-based computing platform. Microsoft Azure encompasses many components of everyday IT needs from simple Active Directory authorization to full server, networking and virtual computing environments. Azure is a potential solution for organizations that want to eliminate in-house IT footprint and virtualize their environment for easy remote access from anywhere users may operate., Cisco, Commvault, ESRI, Exact, Fortinet, JetBrains, Nelson, Nutanix, OpenMRS, Oracle, Red Hat, Splunk, Soft, and VMware. The list is even longer when adding products where a patch has been released. Managing this vulnerability requires technical experience and knowledge to fully understand the exposure and how to take appropriate actions. If you’re not sure if you or your network are exposed to this vulnerability, please contact our team today. We have professional tools that can run scans for your potential exposure and threats.
Security is constantly changing, and unfortunately, it’s impossible to tell when cybersecurity flaws, like this one, arise. Having a security and a managed services provider on your team can be extremely beneficial to your company and it’s assets. We’re happy to talk about how we have helped our clients in the past and can help yours, too.