Worried about the "Log4J Vulnerability"? Here's what you need to know.
Log4J is one of Java's libraries. This library helps Java log error messages - very helpful item. The vulnerability everyone's talking about, nicknamed "Log4Shell," unfortunately turns this library from 'useful' to 'liability.'
Given how frequently other software platforms use Java, this makes it a widespread vulnerability affecting millions of desktop computers & servers alike.
If Your IT Infrastructure Uses These Platforms, You're at Risk from Log4Shell
The platforms where Log4Shell presents the most risk include:
- Apache, one of the most-used web servers on the Internet
- WS_FTP, one of the longest-used FTP programs worldwide
- Amazon Web Services (AWS)
- Microsoft Azure
- Cisco products
- Apple iCloud
- Many more enterprise software platforms, cloud services, etc.
(NOTE: These are platforms we currently know are vulnerable. Others may appear in the coming days.)
What makes this one dangerous is that cybercriminals are hunting for it. They're scanning thousands of computers every minute, looking for the vulnerability...looking for a way in.
What can cybercriminals do to your computers, if they exploit Log4Shell and break in? So far, they've done all of the following:
- Steal credentials to secure data
- Break into corporate networks
- Install cryptocurrency miners
- Steal user data: Identities, payment information, etc.
And that's just what we know of.
Is anything safe from this vulnerability? Yes. Software which doesn't use Java doesn't contain the vulnerability, and is therefore safe from attack. (This time.)
For example, our Private Cloud services run on Windows Servers in our data center. These do not use Java, and are safe.
Our web servers run Sitefinity CMS and Craft CMS. These do not use Java, and are safe.
Our file sharing platform does not use Java, and is secure.
Patches Available; Please Check, Update, and Backup
Apache has already patched their software. You can download the patched versions at Apache.org. Other software providers have either released patches, or have them in the works.
The best things every business can do?
- Verify your computers (including servers) have up-to-date software.
- Make sure your cloud backups are running.
- Check your infrastructure for Java installations. This includes employee workstations.
If you're concerned over your network's security, or need assistance patching vulnerable computers, please contact the PlanetMagpie Support team at firstname.lastname@example.org.