A severe vulnerability has been identified in the Apache Log4j. Apache Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. A bug in Log4j Java (Log4j 2.0-beta9 through 2.14.1) library is being used to provide hackers the ability to takeover systems without any form of authentication.
An unauthenticated remote actor could exploit this vulnerability to take control of an affected system. Experts believe that this CVE will be used in ransomware attacks due to its ease of exploitation. Application services like Steam, Apple iCloud, and Minecraft were or have been found with this vulnerability.
Actions to take:
- Meet with your IT team or Managed Service Provider to determine your company’s risk with this vulnerability.
- Review the CISA website with your IT Team or Managed Service Provider for further direction and actions to take. Click this link to visit the: CISA Website
Below is a running list of software and appliances affected by Log4j. We advise that all clients should contact their vendors for more information. Click this link in to see the: List of Software & Appliances effected
If you have any further questions or would like to leave a comment on this post, please fill out the form below and one of our cybersecurity experts will get back to you.
Stay safe out there,
CyberNINES Consultants
By
·
1 minute read