Cyber News Alert – Log4J Vulnerability
We wanted to make sure you are aware of a significant vulnerability, Log4J, that is affecting every Java based product or web service at this time. The vulnerability is being widely exploited across the internet and is an immediate risk.
Log4J is a Java library for logging error messages that allows unauthenticated remote code execution and access to servers. It is used in enterprise software applications, including those custom applications developed in-house by businesses, and forms part of many cloud computing services. Botnets have adopted an exploit for the flaw to target internet connected (IoT) devices also.
Jen Easterly, director of CISA described the Log4J vulnerability as “one of the most serious that I’ve seen in my entire career, if not the most serious”.
Because Log4j is so widely used, the vulnerability may impact a very wide range of software and services from many major vendors. It is very difficult to manually remediate it. Immediate updates to the affected applications are required.
CISA’s advice is to identify internet-facing devices running Log4j and upgrade them, or to apply the mitigations provided by vendors “immediately”. But it also recommends setting up alerts for probes or attacks on devices running Log4j.
Please check with your information technology or cyber security provider to ensure your organization has taken the steps necessary to protect your company from the Log4J vulnerability.
Contact a Sera-Brynn Expert today.
Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn partners with some of the world’s most respected and recognized brands to help them secure their infrastructure and meet cybersecurity compliance requirements. Sera-Brynn has invested in our capabilities and is proud to be only one of seven companies worldwide that hold certifications as both a Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organization (3PAO) and a Payment Card Industry (PCI) Qualified Security Assessor (QSA). We use these and other individual advanced certifications (CISSP, CEH, i.e.) to help companies develop cybersecurity programs to meet Federal and Commercial Compliance Requirements (800-171, DFARS 7012, CMMC). Our experts, with their specialized comprehensive experience, will solve your most complex cyber challenges.