Blog

Fatech IT Advisors Blog

Fatech IT Advisors has been serving the Herndon area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Log4j Vulnerability and What You Can Do

The Log4Shell vulnerability has commanded the cyber world’s attention as of late when it appeared in late November 2021. This new cybersecurity vulnerability has left many systems across the country and globe open to attack. Log4Shell is a vulnerability that was found in the Log4j framework. Any device, most notably servers, that use the Log4j utility is at risk of this vulnerability. Anyone that uses Log4j could be at risk of this vulnerability.

The Log4Shell vulnerability has commanded the cyber world’s attention as of late when it appeared in late November 2021. This new cybersecurity vulnerability has left many systems across the country and globe open to attack. Log4Shell is a vulnerability that was found in the Log4j framework. Any device, most notably servers, that use the Log4j utility is at risk of this vulnerability. Anyone that uses Log4j could be at risk of this vulnerability.

What is Log4j?

The Log4Shell exposure has surpassed recent attacks because of the popularity of the Log4j logging utility. Apache Software Foundation developed the Log4j framework in 2001. This is a widely used system by companies like Apple, Microsoft, Cisco, and many more. What is it exactly? Log4j is a library for computers. It is used to track software applications and other services online. Log4j “logs” the activity of these services and stores them. It is in this library hackers found a vulnerability.

How the Log4j vulnerability works

This vulnerability allows a remote hacker to take control of a server through this newly discovered flaw in Log4j and then command the machine to run any software the hacker chooses. The Cybersecurity and Infrastructure Security Agency (CISA) described the vulnerability as one of the most severe threats in recent memory. They rated it a 10 of 10 on the CVSS scale, which measures the severity of the potential vulnerabilities.

What steps do I need to take to protect my business from the Log4j Vulnerability?

To combat this and stay secure, you’ll need to get in contact with both your IT team and your website team. The CISA has recommended updating Log4j (2.17.1 for Java 8, 2.12.3 for Java 7, and 2.3.2 for Java 6) and Java itself. It is essential to update both to patch this vulnerability. This should be done as soon as possible to protect from any potential future Log4Shell vulnerabilities.

You also need to ensure that your server is not affected by the virus because knowing how extensive the damage of an already-hacked network can be tricky. Even servers that are not entirely written in Java can be affected. Ideally, the best way to be sure is to check any code that Log4j uses and make sure the code is still as intended.

We can help

This vulnerability can be very tricky to deal with. Contact us if you think your computers or servers are at risk or have been affected.

Phishing for Trouble: What You Need to Know About ...
Is Data a Commodity? Maybe Not, but It Is an Asset
Comment for this post has been locked by admin.
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 29 February 2024

Captcha Image

Customer Login

News & Updates

Fatech IT Advisors is proud to announce the launch of our new website at www.fatech.net. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...

Contact us

Learn more about what Fatech IT Advisors can do for your business.

Fatech IT Advisors
585 Grove Street Suite G10
Herndon, Virginia 20170