Experts Call Log4j Software Flaw One of Most Serious in Recent Memory
Technology companies have been busy addressing what security experts are calling one of the most serious software flaws in recent memory. The flaw in the Log4j software could allow hackers unfettered access to computer systems.
Log4j is a piece of software that runs in the background of many commonly used software applications. An extremely high volume of malicious traffic has been observed actively exploiting vulnerable systems since at least Friday, Dec. 10.
On Saturday, Dec. 11, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent statement saying the new cyber vulnerability could touch a wide swath of the internet.
In collaboration with our security partners at FRSecure, we are providing known details and suggested steps for protection against this risk.
Who is Impacted?
A list of known affected applications and vendors, such as Amazon, Apple, and Google, can be found in FRSecure’s recent blog post, CVE-2021-44228: Log4j Vulnerability. The list will likely expand.
Action Steps for Employers
This vulnerability is being actively exploited and is widespread among popular applications and software. Contact your internal or third-party IT security team immediately to assess your risk and, if necessary, put protections in place to thwart potential cyber attacks on your systems. FRSecure’s blog outlines specific IT actions to take. It is important to do your due diligence in identifying vulnerable or compromised systems within your environment.
If you have questions related to this update, please contact your North Risk Partners advisor. Don’t have an advisor? No problem. We’ll help you find one.
This regulatory update is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice.