A vulnerability has been discovered in Log4j, an open source logging library widely used by applications and services on the Internet. Without remedial action, attackers can break into systems, steal passwords and credentials, extract data, and infect networks with malware.
Log4j is used in software applications and online services worldwide, and the vulnerability requires very little expertise to exploit. This makes Log4Shell possibly the worst computer vulnerability in years.
Almost all software has some form of logging (for development, operations, and security purposes), and Log4j is a very commonly used component.
For individuals, Log4j is almost certainly part of the devices and services you use online every day. The best thing you can do to protect yourself is to keep your devices and apps as up-to-date as possible and update them regularly, especially over the next few weeks.
Organizations may not be immediately aware that their web servers, web applications, network devices, and other software and hardware use Log4j. It is important for every company to follow published guidance and its software provider’s advice, and to take the necessary countermeasures.
Modern software can be large, powerful and complex. Decades ago it was common for a single author to write all the code himself. Today software is created by large teams and is increasingly built from “building blocks” put together by those teams, rather than being written entirely from scratch.
If teams can use existing code right away, they are less likely to spend weeks writing new code. Log4j is one of many building blocks used to create modern software. Many organizations use it to accomplish a common but important task. We call this a “software library”.
Developers use Log4j to track what’s happening in their software applications or online services. It’s basically a giant diary of system or application activity. This activity is called “logging”, and developers use it to spot problems that users run into.
If you feel like your network, applications, servers, devices aren’t safe or want peace of mind with the extra measures our Cyber Security Solutions can bring, we’re ready to talk when you are!