Log4j is a major vulnerability that has a widespread impact across a wide range of technology. We can’t stress how serious this is, and your business needs to take action right away.
We’ll keep it simple; when creating software, programmers can utilize different programming languages. One of these languages is called Java, and in Java, programmers have “libraries” of instructions to work with. Log4j is one of those libraries.
A serious vulnerability has recently been discovered in the Log4j library that cybercriminals can exploit to gain access to your systems and data. It leaves your business and your information wide open to the world.
This particular Java library is actually pretty common and is used in a lot of applications and systems. It’s been used by some pretty popular products and services from some big names, like:
…as well as others, large and small. Even the United States’ Cybersecurity and Infrastructure Security Agency (CISA) is affected.
The chances are pretty high that your business uses some software that utilizes Log4j, making it susceptible to the vulnerability. We can’t stress enough that this doesn’t just affect the big guys in the list above, but everyone who uses their software.
The risks are extremely high too—with the vulnerability just coming to light, cybercriminals are going to start exploiting it. This is called a Zero-Day vulnerability, and it’s a ticking time-bomb.
You need to apply your security patches and updates and ensure that the software you use—all of the software that you use—is getting support from your vendors. If you are using software that is no longer supported, or no longer gets updates, you’ll need to audit that system to determine if it is affected by the vulnerability or not. We recommend setting up an appointment to have your entire network audited. You can get this started by giving us a call at (509) 534-1530.
The problem is, as a user, you can’t really tell if a website or piece of software is using this particular Java library.
Since this vulnerability is so widespread, it’s likely to have a lasting impact across all technology for years. It’s more critical than ever to use strong password hygiene. “Password123” isn’t going to cut it anymore. Everyone needs to start using strong passwords and use unique passwords across every single website and account they use. Otherwise, when one system is breached due to this vulnerability, cybercriminals will be able to use the passwords they stole from one account to get into others. This involves following the basic password best practices that we always talk about, like:
You need to protect the interests and information of your employees and customers. We recommend contacting a professional and having all your technology reviewed and updated.
Give SCW a call at (509) 534-1530 to schedule an appointment. Don’t wait for this to blow over—it’s going to be a very dangerous situation for companies that don’t take action.
Sam is a network engineer with a broad range of experience spanning more than 35 years. He wrote is first piece of code in 1979 and has been involved with the industry ever since. For the last 20 years, he has worked for SCW Consulting where he has embraced his passion for network technology and security.
Mobile? Grab this Article!