The Log4j Vulnerability, Explained

December 13, 2021

Integris is actively tracking a new, evolving vulnerability affecting a Java logging package, Log4j, which is used in a significant number of applications and services. Learn what it is and why it’s important below.

 

What is Log4j?

Log4j is an open-source Java logging package. Almost every piece of software keeps records of errors and events, known as logs. Many developers use the open-source (freely available) Log4j for logging; applications and services such as Apple, Twitter, Steam, Tesla, and Apache use it.

 

What is the Log4j vulnerability?

Attackers can trick Log4j into running malicious code by making it log a message that includes a specially crafted, dangerous string. From there, the attacker could potentially have full access to the system and do things like steal sensitive data.

The Log4j vulnerability is serious because Log4j is a commonly used piece of freely available software. This means any exploit found makes many applications, services, and businesses vulnerable.

 

Burnout & holidays = potential for major trouble

This is a zero-day vulnerability, meaning it was only recently discovered but systems have been vulnerable for a longer period. That means bad actors tried to take immediate advantage of the situation.

They were aided by the fact that this was announced during the holiday season, when workers may be on vacation or focusing on upcoming parties and presents. And as with some previous vulnerabilities, activity spiked over the weekend, for the same reason on a smaller scale. Burnout, caused in part by a deluge of cybersecurity incidents like these, has been a major issue in the past year.

All of this adds up to a troubling cybersecurity situation.

 

What did Integris do?

Integris was alerted quickly as the threat became known. We sent out an alert to clients, notifying them of this vulnerability. We are working in coordination with vendor partners to deploy updates as they become available.

 

What did your provider do?

Which leads to the question: what did your IT provider do? Did they alert you to the situation and let you know what steps they were taking? Or are you learning about it now?

We think it’s important to keep our clients in the loop, even if the information is not actionable on their end. We want our clients to know that we know and that we’re on it.

Interested in learning more? Reach out to Integris today.
