You might have already heard about the widespread Log4j vulnerability discovered (aka CVE-2021-44228) but what does it mean and why does it matter?
Log4j is a major software flaw that could allow hackers uninterrupted access to important systems because of the commonality of the Log4j system, used in Java software as well as in Apache frameworks and other systems.
This has caused the U.S. Government’s cybersecurity agency to announce a pressing warning to those using these systems, including companies such as Google and ConnectWise. The effort to patch the flaws is hindered by cyber attackers making countless attempts to exploit the zero-day vulnerability discovered.
Here is what you should do to protect yourself
1) Keep your software up to date
2) Stay informed on companies’ status updates
3) Be increasingly vigilant of any suspicious pop-ups, emails or anything unfamiliar
As companies release updates and patches to their impacted networks it is vital to stay informed and up to date, many companies have released updates to weaken their vulnerability.
Connectwise temporarily removed their ecommerce site to limit the sensitive information exposed. This feature is now back up with Connectwise releasing a statement saying they felt the ecommerce site was secure with no indication of a breach or instability to allow a future breach.
IBM has also released a statement saying they are actively responding to the Log4j vulnerability within their infrastructure and products. Their programs Websphere 8.5 and 9.0 are vulnerable.
Due to the severity this has been categorized as the most high profile internet security vulnerability currently on the internet with a severity score of 10/10.
First noticed by minecraft players it has quickly escalated to include 1.8 million corporate networks. This exposure allows the exploitation of systems with Log4j to download a trojan malware which will download a .exe file which will then download a cryptominer onto your device. Cryptomining malware takes over your computing resources in order to mine cryptocurrencies such as bitcoin.
Be aware while on the internet and remember to stay in contact with your IT company as they will inform you of proper procedures. Follow us for information and security updates!