Log4j Vulnerability

Apache Log4j Update

Cyber security threats have evolved quickly and now pose a threat to all businesses. We have learned how to avoid phishing attempts, create strong passwords, and steer clear of malware. Now companies are facing a critical software vulnerability.

 

Apache Log4j is a widely used open-source library for logging software errors and sharing diagnostic messages. Log4j can be customized to perform multiple actions, and an attacker can abuse this to carry out malicious activity on a computer. The hacker can then remotely manipulate that computer or server.

How is this code vulnerability different?

The Apache Log4j flaw is both highly exploitable and highly prevalent. It has received the highest possible CVSS score, 10.0, and attacks are within reach of even novice hackers. Log4j is used in systems that rely on it as a Java logging library, and you have likely engaged with software that uses it. Large firms, including Amazon Web Services, Cisco, IBM, Google Cloud, and Microsoft, have found that at some point their services were vulnerable due to the code. Computer software is not the only industry that has employed it: information technology and financial services companies have also used the code. Since the vulnerability was discovered in December, companies have worked to patch affected systems; however, the flaw was a zero-day, meaning it was found and exploited before a patch could be implemented.

Who is responsible?

The Federal Trade Commission is warning companies, “It is critical that companies and their vendors relying on Apache Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.” Equifax has already been held liable for exposing consumers’ personal information after it failed to patch a known vulnerability, and it has agreed to pay $700 million in settlements.

Updates to Apache Log4j

Log4j 1 is no longer supported. Information about the security vulnerabilities that have been fixed in Log4j 2 is available at https://logging.apache.org/log4j/2.x/security.html

The upgrade for Log4j is also available on the Apache site: https://logging.apache.org/log4j/2.x/index.html

What about personal computers?

Apache Log4j is used by businesses and affects servers; hackers primarily use the flaw to target companies. As a consumer, you cannot patch the Apache Log4j flaw yourself from your personal computer. However, you can make sure the software you use is on its most up-to-date version, which reduces your exposure to hackers.

What if your data was compromised?

If your data was stored improperly by a compromised company, the result is a personal data breach. The breach could include anything stored on the impacted server, including but not limited to passwords, financial data, medical data, and addresses. If a company has a known cyber breach due to the Apache Log4j flaw or another attack, it is obligated to notify you. You can always enroll in an identity theft protection service to help protect yourself if your personal information is stolen.