Just when you thought 2021 was done throwing curveballs at us, along comes one of the biggest cybersecurity vulnerabilities in recent memory.
Log4j is a piece of open-source software that has been incorporated into many software apps. Recently it was discovered that Log4j could be exploited to bypass the usual authentication processes and give cyber criminals open access to those systems. Effectively, the discovery means that there is a wide-open back door to many different software products, with the potential for anyone to enter.
The Australian Cyber Security Centre has issued a critical alert warning on the risks associated with Log4j. There is already evidence of criminal gangs exploiting this weakness in cyber attacks, with reports of Australian companies impacted.
Both the US Cybersecurity & Infrastructure Security Agency and the Netherlands National Cyber Security Centre have released lists of some of the affected software. Some of the impacted parties include Amazon Web Services, cPanel, Dell, IBM, Microsoft, Salesforce and Trend Micro. If you are unsure whether an app is affected, please get in touch with that company or your IT support person.
CyberGuru clients who are subscribed to our managed services have had their devices checked for vulnerabilities and are receiving updates each evening, ensuring they can be as secure and protected as possible to prevent any issues. We are also proactively contacting clients to ensure we can review their environment to minimise any risks from this vulnerability.
We encourage you to please apply all updates as a matter of urgency, with the exception of the unrelated Windows 11 upgrade. Nobody wants to be dealing with cybersecurity threats just before the holidays, but investing a few minutes to update your desktops, laptops, mobile phones and other devices could be the one thing that stops those grinches from hacking into your systems over Christmas.