January 2022

Critical vulnerability rippling through the internet community

Log4Shell explained 

A critical vulnerability in a popular open-source library Apache Log4j has been publicly disclosed. It impacts many web applications built by companies like Twitter, AWS, Microsoft, and countless others. Log4j library is a java-based logging utility. For example, if your business’s system has a vulnerable version of this code, a remote attacker could be enabled to steal personal data, install malware or take control of your system entirely.

How this affects your business 

This threat has become a critical matter because of the widespread use of Log4j in web applications. It is typically associated with Apache web services and Tomcat but is often included in non-related third-party products. Cybercriminals could exploit this vulnerability, if present, by sending specially crafted messages to a system that uses Log4j, enabling the attacker to load and execute arbitrary external code and potentially take complete control of the vulnerable system. This type of vulnerability is commonly known as remote code execution. 
 
“The Log4j vulnerability is the most serious vulnerability I have seen in my decades-long career,” Jen Easterly, U.S. Cybersecurity and Infrastructure Security Agency director. 

It is important that you and your employees always remain vigilant when it comes to cybersecurity, and we will alert you of any new local and global fraud tactics as they arise.

Please consider these resources to learn more about this vulnerability, how to determine if you have been impacted and the steps to remediate:

Sources:

Related Posts