A major security flaw has been discovered in Log4j, a logging package for Java. The Log4j vulnerability is extremely easy to exploit; attackers are scanning the internet for vulnerable systems and using Log4j to install coin miners and remote access tools like Cobalt Strike, which enable credential theft that can in turn be used to steal data. If left unpatched, cyber-attackers could take over computer servers, potentially putting online services, as well as consumer devices, at risk of failure.
Vulnerable code can be found in products from some of the most prominent technology vendors, such as Cisco, Google, VMware, AWS and Cloudflare. Even with the best security technology money can buy, companies that run websites using Apache are at risk. Log4j is the most common logging library for Java. Around half the known websites on the internet use Apache, which means that half of the websites in the world are vulnerable to the Log4j exploit. It’s too soon to tell what the fallout of this disaster might be, but the damage may be incalculable.
For more information and immediate consultation on whether you may be at risk, reach out to Gigit Security.
Call us: (707)350-9900