javaHaven't heard of Log4j before right now? If not, you're certainly not alone but unfortunately it's something you're likely to hear more about in the weeks ahead. It may wind up being the cause of a few headaches for you.

"Log4j" is a Java library.  Its function is to log error messages in applications.  Consider it akin to an overworked clerk in the back office somewhere.

As is often the case with overworked clerks in back offices, it turns out that they're important. If one of them starts having issues it can have gigantic ripple effects. That's basically what's happening here.  This library is open source and is one of the bedrock components of the Java-logging framework.

Recently cybersecurity researchers found a remote code execution flaw in Log4j that is already being exploited in the wild.

The issue is being tracked as CVE-2021-44228 and has a severity score of 10/10 so this issue is as serious as they get.  In fact, it's such a major problem that the UK's National Cyber Security Centre has already issued a bulletin about it.

This is a pervasive issue that impacts pretty much every device that's exposed to or connected to the internet and that's running Apache Log4j versions 2.0 to 2.141. Even worse is that there's at least one group of hackers already abusing the flaw.  The Mirai botnet targets mostly IoT devices and has been modified with a module that specifically exploits this flaw.

Fortunately, both Cisco and VMware have released patches that address the issue for their products that were affected by the issue. As a whole the industry is moving very slowly when it comes to responding to this cyber threat.

That's dangerous because the global economy absolutely depends on the internet these days. Anything that has a large-scale impact on the web will have enormous ripple effects that will be felt for months if not years.

People also ask

What is Log4j used for?

Log4j is used by developers to keep track of what happens in their software applications or online services. It's basically a huge journal of the activity of a system or application. This activity is called 'logging' and it's used by developers to keep an eye out for problems for users.
https://www.ncsc.gov.uk/information/log4j-vulnerability-what-everyone-needs-to-know

What are the best practices to manage cyber risk like Log4j?

There are three main reasons that all cyber professionals need to be proactive in managing cyber risk. They must comply with regulations, their frequency and their severity. What can we do to address this problem?
https://manageditserviceswilmington.com/manage-cyber-risk/

What is Log4j vulnerability?

The Log4j flaw allows attackers to execute code remotely on a target computer, which could let them steal data, install malware or take control. Exploits discovered recently include hacking systems to mine cryptocurrency.
https://www.spartantec.com/2021/11/29/mistake-employees-cybersecurity/

Call SpartanTec, Inc. now for more details on how we can help protect your information against various types of cyberthreats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston

Used with permission from Article Aggregator