What is Apache Log4j2 and what action should be taken?
15 Dec 2021
Reports emerged on 9 December 2021 of advanced ransomware, specifically a zero-day exploit, that is of significant concern to all organisations, posing one of the greatest security risks to the internet in recent times.
Solace Cyber have shared the following advisory, recommending that all organisations take steps to investigate and mitigate the widespread risk posed.
Key Points
The vulnerability lies within Log4j2 that is an open-source Java logging library developed by the Apache foundation. Java is a programming language, used routinely in many applications and is present in many services such as Microsoft’s Minecraft, Apple iCloud, Twitter and Steam. Other affected platforms can include enterprise applications, cloud services and custom applications developed within an organisation.
Logging forms a crucial part of the run-time of these applications, providing a tool to understand a programs run-time behaviour and make it available for analysis. Because the usage of the logging framework is so highly adopted, data from businesses around the world that use these services could potentially become accessed by cyber criminals. Therefore, Solace Cyber recommend all organisations should take immediate action to mitigate the risk.
Because the usage of the logging framework is so highly adopted, data from businesses around the world that use these services could potentially become accessed by cyber criminals. Therefore, Solace Cyber recommend all organisations should take immediate action to mitigate the risk.
Solace Cyber security specialists share key actions all organisations should take, to mitigate becoming exploited by the Log4j2 vulnerability.