Integris is actively tracking a new, evolving vulnerability affecting a Java logging package, Log4j, which is used in a significant number of applications and services. Learn what it is and why it’s important below.
What is Log4j?
Log4j is an open-source Java logging package. Almost every piece of software keeps records of errors and events, known as logs. Many developers use the open-source (freely available) Log4j for logging; applications and services such as Apple, Twitter, Steam, Tesla, and Apache use it.
What is the Log4j vulnerability?
Attackers can trick Log4j into running malicious code by making it store a log entry that includes a special, dangerous string of code. From there, the attacker could potentially have full access to the system and do things like steal sensitive data.
The Log4j vulnerability is serious because Log4j is a commonly used piece of freely available software. This means any exploit found makes many applications, services, and businesses vulnerable.
Burnout & holidays = potential for major trouble
This is a zero-day vulnerability, meaning it was only recently discovered even though the software had been vulnerable for a longer period. That also means bad actors tried to take immediate advantage of the situation.
They were aided by the fact that this was announced during the holiday season, when workers may be on vacation or focusing on upcoming parties and presents. And, as with some previous vulnerabilities, activity spiked over the weekend for the same reason, on a smaller scale. Burnout, caused in part by a deluge of cybersecurity incidents like these, has been a major issue in the past year.
All of this adds up to a troubling cybersecurity situation.
What did Integris do?
Integris was alerted quickly as the threat became known. We sent an alert to clients informing them of this vulnerability. We are working in coordination with vendor partners to deploy updates as they become available.
What did your provider do?
Which leads to the question: what did your IT provider do? Did they alert you to the situation and let you know what steps they were taking? Or are you learning about it now?
We think it’s important to keep our clients in the loop, even if the information is not actionable on their end. We want our clients to know that we know and that we’re on it.
Interested in learning more? Reach out to Integris today.