LOG4J
What even is LOG4J ? Simply put, it is software that used for logging. It is widely used within various systems both internal and external to many networks. A recently discovered vulnerability has allowed this to be exploited and used for malicious purposes. It is actively being exploited.
How serious is this and who does it affect? From the SMB market to the big cloud service players, IT resources will be working around the clock this 2021/2022 holiday to patch and protect systems. These systems may include an internal WIFI systems such as Ubiquity, a simple server sitting in your office running VMware or many of your favorite SaaS applications on the Internet.
Well that’s not good – what now?? No its not! As a user, there’s not much you can do other than to contact the various vendors who manage these Saas applications to understand if they have been affected either directly or indirectly by this vulnerability. The best thing cloud services can do is to update Log4J. But for any internal systems, it’s often not that simple as this Log4J may be “baked in” to the specific version of the software. SolutionSimple has been running various scans to locate this vulnerability within our client’s internal environment. In addition, we have been working with our clients to gather and obtain statements from various Saas and Hardware vendors. Many vendors have already released updates and many more vendors will be releasing updates shortly. Stay Safe and Happy Holidays!