How Log4j's Flaw Exposes Company Servers To A Cybersecurity Incident


A critical cybersecurity vulnerability in the logging software Log4j that was discovered late last week has already resulted in more than 1 million cyberattacks, quickly becoming one of the largest security breaches ever.

We've put together a quick summary of what the issue is, who's affected, and what you can do about it. 

 

What Is Log4j, And Why Does It Matter?

Log4j is a free, open-source library used by many large organizations—Amazon, Apple, Microsoft, IBM, and Twitter, to name a few—to track user activity across applications. 

The Log4j vulnerability permits hackers to remotely run apps, mine cryptocurrency, install malware, steal sensitive data, or effectively take control of servers that are running a vulnerable version of Log4j and are open to the internet.

Hackers were already actively exploiting the vulnerability at the time of the announcement on Friday, Dec. 10, 2021.

 

What's Affected By The Log4j Vulnerability?

Many applications that include a management page or web page are affected.

Integrity began addressing the vulnerability on Friday, and we have reviewed the tools we use and applied updates to mitigate these threats.

We are aware of several other applications that are affected, and we are actively patching and scheduling our team members to address these vulnerabilities.

 

What You Can Do To Protect Yourself and Your Business From The Log4j Vulnerability

For our clients, we are requesting that you notify Integrity if you receive a notice from one of your software vendors that a product you use has the Log4j vulnerability.

You can forward the notification to our RemoteFix team at remotefix[at]integrityts.com.

Our RemoteFix team will ensure that your notification gets to the team that is addressing the vulnerability.

These team members will open a support case and will work with your software provider to get the necessary update or patch installed.

They will notify you if there will be any systems down to complete the update or patch and will work with you to schedule a time, if needed.

Please contact your Strategic Business Advisor (SBA) if you have questions or wish to receive additional information.

If your business is not currently working with Integrity but you think you may be affected by this issue, please contact us today.

Integrity is a managed security service provider, specializing in compliance and working with regulated businesses and organizations. Integrity features a fully staffed help desk that provides immediate response and support, a dedicated information security team, and a C-suite of experienced technology advisement resources ready to help your business.