Over the last week, well known open-source software creator Apache was made aware of several critical vulnerabilities in their Log4j application that could affect upwards of hundreds of millions of devices. Apache, a nonprofit, provides free open-source software to a wide array of users. Their Log4j application, which is among the most widely used on the internet today, records user activity, behavior of applications and is used to collect data across networks, websites and other applications. As an open-source software, Log4j is baked into several widely used applications including Java which is a key component of the internet.
As companies race to implement patches, this vulnerability still remains a significant threat. According to the Cybersecurity & Infrastructure Security Agency (CISA), a hacker could remote into the device, network or website with Log4j installed and control it. CISA recommends reviewing Apache’s page for security vulnerabilities, applying patches immediately to any critical systems, internet facing systems and networked servers, conducting a security review to determine any other concerns that could be addressed and to contact CISA and the FBI if the system has been compromised. According to Checkpoint, at least 1.8 million attempts have been noted to try an exploit this vulnerability as of Wednesday, December 15th.
McKonly & Asbury can assist your company in managing cybersecurity threats by performing a SOC for Cybersecurity engagement to identify whether effective processes and controls are in place as well as provide you with recommendations to detect, respond to, and mitigate and recover from breaches and other cybersecurity events. For more information on these services and more, be sure to visit our SOC services page as well as our Cybersecurity Services page and don’t hesitate to reach out to contact us with any questions.