Apache Log4j Vulnerability

Dec 16, 2021

A severe vulnerability has been identified in Apache Log4j. Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications, as well as in operational technology products, to log security and performance information. The bug affects the Log4j Java library (Log4j 2.0-beta9 through 2.14.1) and is being used to give hackers the ability to take over systems without any form of authentication.

An unauthenticated remote actor could exploit this vulnerability to take control of an affected system. Experts believe that this CVE will be used in ransomware attacks due to its ease of exploitation. Services like Steam, Apple iCloud, and Minecraft have been found to have this vulnerability.

Actions to take:

  1. Meet with your IT staff or MSP to determine your company’s risk with this vulnerability.
  2. Review the CISA website with your IT team for further direction and actions to take: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance

A running list of software and appliances affected by Log4j is maintained at https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592. Clients should contact their vendors for more information.
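To support the risk review in step 1, the following added example (not from CISA or the Log4j project) inventories a directory tree for `log4j-core` jars in the affected range stated above, including copies bundled inside WAR/EAR/fat-jar archives. It assumes the library keeps its conventional `log4j-core-<version>.jar` file name, so renamed or shaded copies are not detected; all function names are illustrative.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Affected range as stated in this advisory: 2.0-beta9 through 2.14.1.
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # a final release sorts after its pre-releases
LOW, HIGH = (2, 0, 0, STAGE["beta"], 9), (2, 14, 1, STAGE[None], 0)
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def version_key(name):
    """Return a sortable version tuple for a log4j-core jar name, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[stage.lower() if stage else None], int(num or 0))

def is_affected(name):
    return (key := version_key(name)) is not None and LOW <= key <= HIGH

def scan_archive(data, label, depth=0):
    """Yield 'outer!inner' labels for affected jars nested inside an archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for info in zf.infolist():
            inner = f"{label}!{info.filename}"
            if is_affected(info.filename):
                yield inner
            elif depth < 3 and info.filename.lower().endswith(ARCHIVES):  # bounded recursion
                yield from scan_archive(zf.read(info), inner, depth + 1)

def scan_tree(root):
    """Return sorted findings for every archive file under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            if is_affected(path.name):
                hits.append(str(path))
            hits.extend(scan_archive(path.read_bytes(), str(path)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("AFFECTED:", hit)
```

Run it against an application or install directory (for example `python scan.py /opt/apps`); an empty result only means no conventionally named copy was found, so vendor confirmation is still needed.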

 
