The Log4j Vulnerability, Explained

by

December 13, 2021

Integris is actively tracking a new, evolving vulnerability affecting a Java logging package, Log4j, which is used in a significant number of applications and services. Learn what it is and why it’s important below.

 

What is Log4j?

Log4j is an open-source Java logging package. Almost every software keeps records of errors and events, known as logs. Many developers use the open-source (freely available) Log4j to log – applications and services such as Apple, Twitter, Steam, Tesla, and Apache use it.

 

What is the Log4j vulnerability?

Malicious attackers can trick Log4j to run malicious code by making it store a log that includes a special, dangerous string of code. From there, the hacker could potentially have full access to the system and do things like steal sensitive data.

The Log4j vulnerability is serious because it’s a commonly used piece of freely available software. This means any exploit found makes many applications, services, and businesses vulnerable.

 

Burnout & holidays = potential for major trouble

This is a zero-day vulnerability – meaning recently discovered but vulnerable for a longer period. But that means bad actors tried to take immediate advantage of the situation.

They were aided by the fact that this is announced during the holiday season, when workers may be on vacation or focusing on upcoming parties and presents. And like some previous vulnerabilities, activity spiked over the weekend for the same reason on a smaller scale. Burnout, caused in part by a deluge of cybersecurity incidents like these, has been a major issue in the past year.

All of this adds up to a troubling cybersecurity situation.

 

What did Integris do?

Integris was alerted quickly as the threat became known. We sent out an alert to clients, alerting them to this vulnerability. We are working in coordination with vendor partners to deploy updates as they become available.

 

What did your provider do?

Which leads to the question: what did your IT provider do? Did they alert you of the situation, and let you know what steps they were taking? Or are you learning about it now?

We think it’s important to keep our clients in the loop, even if the information is not actionable on their end. We want our clients to know that we know and that we’re on it.

Interested in learning more? Reach out to Integris today.

We're Integris. We're always working to empower people through technology.

Keep reading

How Can Managed IT Services Improve my Business Security?

How Can Managed IT Services Improve my Business Security?

How Can Managed IT Services Improve my Business Security: The Quick Take Managed IT services provide a comprehensive solution for businesses looking to enhance their security posture. By partnering with a Managed IT Service Provider (MSP), companies can outsource...

How Much Do Managed IT Services Cost?

How Much Do Managed IT Services Cost?

How Much Do Managed IT Services Cost? A Quick Take on Factors and Price Ranges How Much Do Managed IT Services Cost? In 2025, the average small to medium-sized company can expect to pay about $100 to $149 per month, per user to outsource their IT to a managed IT...

The Role of Cybersecurity in IT Support for Law Firms

The Role of Cybersecurity in IT Support for Law Firms

When it comes to hiring IT support for law firms, too many practices are stopping short of making the cybersecurity investments they need. In fact, according to the American Bar Association Tech Report, nearly half of all firms are missing one or more of the key...