Leone Technologies Blog

WARNING: Log4j is a Serious Threat to Nearly Every Business

WARNING: Log4j is a Serious Threat to Nearly Every Business

A critical, widespread vulnerability was just discovered, and this one is a very big deal. In fact, Log4j is one of the worst vulnerabilities we’ve seen, period. Your business needs to be aware of it, and you absolutely need to take measures to prevent it.

What is Log4j?

Log4j is a Java library, which likely doesn’t mean all that much to most users. It’s essentially a common set of instructions used throughout a massive number of applications and systems. Any software that uses the Log4j library suffers from a major vulnerability that was just discovered. Even though this library has been in use for years, the sudden discovery of the vulnerability means that cybercriminals will start exploiting it. Doing so could give them unfettered access to your data.

The vulnerability impacts many of the biggest names in technology. You’ll probably recognize some of them, such as:

  • Amazon Web Services
  • Apple
  • Cisco
  • Fortinet
  • Google
  • IBM
  • Microsoft 
  • SonicWall
  • Sophos
  • VMware

…as well as others, large and small. Even the United States’ Cybersecurity and Infrastructure Security Agency (CISA) is affected.

Is My Business Vulnerable to the Log4j Vulnerability?

It’s pretty likely that you are at risk. Most businesses are, especially if they aren’t patching their software and operating systems and being diligent about their cybersecurity and IT management.

While it isn’t inherently clear from an end-user perspective what software language or Java libraries a particular application or system utilizes, it’s pretty likely that something you use is at risk. Thankfully, the big software companies are scrambling to provide patches and updates, and hopefully the more niche developers are taking this seriously too. 

The real responsibility comes down to you—are you keeping your software updated across your entire business? Are you ensuring that you are still eligible for updates for all of the systems that you use?

That’s what you need to determine, and then you need to determine what might be affected, and get it mitigated. We can help you - give us a call at (856) 524-7045 to set up an appointment.

This Makes All Technology and The Internet a Little More Dangerous

Even if you patch everything, that doesn’t mean everyone else will. In fact, experts suspect it will take years before the Log4j vulnerability goes away forever. 

For example, let’s say you use a weight loss app or website to track your workouts and caloric intake. If that website relies on technology that Log4j impacts and they don’t apply the fixes, the information you’ve provided to the website—account details, financial information, and whatever else—would be at risk.

Again, this applies to any website and every piece of software, so if the developer (or whoever controls and runs the software or website) doesn’t react, your account with them could be vulnerable.

This means it is up to you to practice good cybersecurity hygiene everywhere you go. Weak passwords like “password!” need to stop being used, and you cannot. This involves following the basic password best practices that we always talk about, like:

  • Using a unique password for each account and website
  • Using a mix of alphanumeric characters and symbols
  • Using a sufficiently complex passcode to help with memorability without shorting your security
  • Keeping passwords to yourself

Let’s Audit your IT to Ensure You Aren’t at Risk

Give Leone Technologies a call at (856) 524-7045 to set up an appointment to review all of your technology to ensure your business isn’t at risk, and to get you patched and mitigated if you are. It’s extremely important.

Collaboration is Simpler When Your Resources are O...
Ransomware’s Extreme Profits Should Be a Cause for...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Saturday, January 29, 2022

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.leonetechnologies.com/

Latest Blog

Today’s business world is subject to countless scams and cybersecurity threats, and it’s your job to ensure that your company does not fall victim to these scams and con artists. How can you be sure that the many messages you receive on a r...

Contact Us

Learn more about what Leone Technologies
can do for your business.

Leone Technologies
923 Haddonfield Road Suite #300
Cherry Hill, New Jersey 08002

Account Login