Cyber Alert: Apache Log4j Vulnerability

A maximum severity rating was recently issued for an Apache Log4j vulnerability on December 10, 2021. The vulnerability allows cyber threat actors to use remote code execution on the servers of the open-source Java package used for logging applications. Log4j is widely used in consumer and enterprise services, websites, applications, and operational technology products to log security and performance information. An unauthenticated cyber threat actor could remotely exploit this vulnerability to take control of an affected system.

According to the CISA, immediate actions to protect against Log4j exploitation

Cyber threat actors are actively scanning and exploiting this vulnerability, with many security researchers noting an increased number of scans targeting internet-facing systems. It’s essential to identify, mitigate and patch any solutions that utilize affected versions of Log4j. Anyone who believes this vulnerability might impact them should review the guidance provided by the Apache Software Foundation or the CISA.

Talk to your trusted RCM&D advisor today for more on the Log4j vulnerability and tips on what’s next if you suspect your system has been exploited.