Last week, a vulnerability in ApacheLog4j was found. Also known as Log4shell, this weakness enables a threat actor to execute arbitrary code by sending crafted log messages.
What is Apache Log4j?
Log4j, an open-source logging library commonly used by apps and services across the internet. Log4j is used worldwide across software applications and online services, and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.
What is the issue?
The vulnerability has been given a Common Vulnerability Scoring System (CVSS) score of 10 which is the highest severity and deemed to be critical and if left unfixed, attackers can break into systems, steal credentials, extract data, and implant malicious software.
What you need to do
The National Cyber Security Centre (NCSC) have published guidance which can be found here advising all companies to ensure their systems and applications are patched to the latest update.
You should also check any systems implemented to see whether Apache Log4j has been used in the development process. Apache have released an update version too.
Featured Products
Related Articles
Graham was selected as the only champion for a UK media reseller based on his ongoing virtualisation work.
The last two years have been extremely challenging for the construction, energy, and engineering sectors. Here's how iPad can help make the difference...
You can get even greater protection when you combine native protection and supplementary tools. Here's how...
Last week, a vulnerability in Apache Log4j, also known as Log4shell was found. Here's our overview of the issue and what you need to do.