CRITICAL SECURITY LOG4J ZERO-DAY ALERT!
A vulnerability in a widely used logging library has become a full-blown security meltdown, affecting digital systems across the internet. Hackers are already attempting to exploit it, but even as fixes emerge, researchers warn that the flaw could have serious repercussions worldwide.
WHAT DEVICES AND APPLICATIONS ARE AT RISK?
Any internet-exposed device running Apache Log4j versions 2.0 to 2.14.1 is at risk. NCSC notes that Log4j version 2 (Log4j2), the affected version, is included in Apache Struts2, Solr, Druid, Flink, and Swift frameworks.
NECESSARY ACTIONS:
Identify internet-facing devices running Log4j and upgrade them to version 2.15.0, or apply the mitigations provided by vendors “immediately”. Also, set up alerts for probes or attacks on devices running Log4j.
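
One way to carry out the identification step above, as an added example that is not part of the original alert: a Python script that walks a directory tree, finds log4j-core JARs (including ones bundled inside JAR/WAR/EAR archives) and flags those in the 2.0 to 2.14.1 range. It assumes the library keeps its standard `log4j-core-<version>.jar` file name and treats pre-release suffixes as the base version; all function names are illustrative.

```python
import re
import sys
import zipfile
from pathlib import Path

# Affected range as stated in the alert: 2.0 through 2.14.1 (fixed in 2.15.0).
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 14, 1)
# Assumption: the JAR keeps its standard name, e.g. log4j-core-2.14.1.jar.
JAR_NAME = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")

def parse_version(name):
    """Return (major, minor, patch) from a log4j-core JAR name, else None."""
    m = JAR_NAME.search(name)
    return tuple(int(p or 0) for p in m.groups()) if m else None

def is_affected(version):
    """True when the version falls inside the range named in the alert."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX

def scan_archive(path):
    """Yield (location, version) for log4j-core JARs bundled in an archive."""
    try:
        with zipfile.ZipFile(path) as zf:
            for entry in zf.namelist():
                v = parse_version(entry)
                if v:
                    yield f"{path}!{entry}", v
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or not a real archive: nothing to report

def scan_tree(root):
    """Return sorted (location, version_string, affected) tuples under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in {".jar", ".war", ".ear"}:
            continue
        hits = []
        v = parse_version(path.name)
        if v:
            hits.append((str(path), v))
        hits.extend(scan_archive(path))
        findings.extend((loc, ".".join(map(str, ver)), is_affected(ver)) for loc, ver in hits)
    return sorted(findings)

if __name__ == "__main__":
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if bad else 'ok':8} {ver:8} {loc}")
```

Name-based matching misses renamed or shaded copies of the library, so treat a clean result as a first pass and confirm against vendor advisories.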
Take Action Now!